Snort mailing list archives
Re: Snort Rules
From: Neil Dickey <neil () geol niu edu>
Date: Fri, 8 Jun 2001 10:06:09 -0500 (CDT)
Colin Wu <wucolin () McMaster CA> wrote in response to me:
Don't you also need to specify the protocol? i.e. tcp, udp, or icmp?
[ ... Snip ... ]
It depends. If you are using the '-o' switch when invoking snort, then pass rules have precedence over alert rules. If you aren't, then alert rules have precedence. Check to be sure that you are using this switch.
Yup, sure do. I didn't catch that part, and was only responding to his question regarding the precedence of 'pass' and 'alert' rules.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115