In my previous blog post (Testing Snort 2.7.0 Beta 1), I described my endeavour to install Snort 2.7.0Beta1. After successfully installing Snort, I wanted to create a simple IDS rule and use my Snort as a simple IDS.
To test Snort as an IDS, I first created a simple rule like the following:
In another Konsole, I pinged localhost again:
From the figure above, we can see that Snort received 10 packets and it analyzed 2 (two) ICMP packets. Those packets generated 5 alerts and 5 log entries.
In the tests/ directory, we can see that Snort has created two files: