Snort mailing list archives
redundant rules
From: "Watson, Ed" <ewatson () academic com>
Date: Thu, 10 May 2001 13:27:14 -0700
The default rules don't seem to pick up port scans, even obvious ones. I thought if I used the vision.rules, that would be more effective, and it hasn't. Could redundant rules cause it to not log these events? 1166 rules read... 1166 Option Chains linked into 257 Chain Headers 0 Dynamic rules System Dell 1550 dual PIII 833 1gb ram 100baseTX FDX Resource usage Mem .6% CPU .1% OS RH7 Ed Watson
Current thread:
- redundant rules Watson, Ed (May 10)
- Re: redundant rules Martin Roesch (May 10)