Snort rule configuration: decoder rules not working

Time: 2020-05-26 07:40:01

Tags: snort

I configured the decoder in Snort, but when I run it, the decoder rules do not raise any alerts.

snort version 2.9.16
I used snort subscription rules "snortrules-snapshot-29160.tar.gz"

snort.conf

....
# Stop generic decode events:
# config disable_decode_alerts
config autogenerate_preprocessor_decoder_rules
....

var PREPROC_RULE_PATH ../preproc_rules

# decoder and preprocessor event rules
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules

cmd

snort -A console -i em2 

stdout

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
452 Snort rules read
    8 detection rules
    153 decoder rules
    291 preprocessor rules
452 Option Chains linked into 5 Chain Headers
+++++++++++++++++++++++++++++++++++++++++++++++++++

0 answers:

No answers