<div>
Since I want to monitor traffic from a single source address, would I write the rule like this?<br />
<br />
alert tcp 10.50.x.x any -&gt; any 80 (msg:&quot;10.50.x.x Web Traffic Alert&quot;;)
</div>


Since I want to monitor traffic from a single source address, would I write the rule like this?

alert tcp 10.50.x.x any -> any 80 (msg:"10.50.x.x Web Traffic Alert";)

<div>
Yes, that should work. The only problem with your original rule was that the ports were switched. Your rule was looking for traffic with a source port of 80, not destination.
</div>


Yes, that should work. The only problem with your original rule was that the ports were switched. Your rule was looking for traffic with a source port of 80, not destination.

<div>
<div class="content wysiwyg-content">
I need to monitor a specific users traffic on port 80 and I would like to use a Snort alert rule so that the traffic is stored in mysql on my IDS box.<br />
<br />
I have tried this simple rule but it does not work. &nbsp;IP changed to protect the innocent :-)<br />
<br />
alert tcp 10.x.x.x 80 -&gt; any any (msg:&quot;10.x.x.x Web Traffic Alert&quot;;)<br />
<br />
Since my Snort box sits between the firewall and the main router, it is ideal for monitoring the traffic.<br />
<br />
Can anyone give me a rule that will accomplish what I need?<br />
<br />
Thanks,<br />
<br />
Craig
</div>
</div>


I need to monitor a specific users traffic on port 80 and I would like to use a Snort alert rule so that the traffic is stored in mysql on my IDS box.

I have tried this simple rule but it does not work.  IP changed to protect the innocent :-)

alert tcp 10.x.x.x 80 -> any any (msg:"10.x.x.x Web Traffic Alert";)

Since my Snort box sits between the firewall and the main router, it is ideal for monitoring the traffic.

Can anyone give me a rule that will accomplish what I need?

Thanks,

Craig

Snort rule to alert on a single IP port 80 traffic ??

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.