Steve,
On Jan 21, 2008, at 9:26 AM, Steve Ng wrote:
> I've tried editing the rules in /etc/snort/rules/local.rules by
> adding in new rules.
> Apparently from the honeywall "menu" - "status" - "snort alert" I
> could see my alert generated.
The dialog menu command goes to the actual snort_full file and puts it
up for your viewing. So any snort alert that logs with a message will
be visible there.
Walleye reads its information from the database. The alerts get to
the database via hflowd.pl. This is the daemon responsible for
getting all the various pieces of data into the walleye_0_3 database.
> However, walleye doesn't seem to be able to generate that.
> Is there something that I'm missing out? Or where does walleye draw
> out those alerts from?
Can you send me one of the rules you created in your local.rules so I
can further debug this problem?
Thanks in advance,
Rob
_______________________________________________
Honeywall mailing list
https://public.honeynet.org/mailman/listinfo/honeywall