Re: -z est missing alerts?

[Martin Roesch <roesch () sourcefire com>]

I've been trying to reproduce this on both Linux and FreeBSD, so far
I've been unable to do so.  Looks like I need more info from the
original poster.

     -Marty

Brian Smith wrote:
> yes. I found that running with '-z est' dropped alerts too. I couldn't figure out why, as the alerts I was triggering 
> definitely included 2-way 'established' traffic. I sent a bug report but never heard anything back (maybe I didn't 
> send enough info. This was 1.8.1 I believe.
>
> On Tue, Jan 08, 2002 at 10:07:04AM -0200, Andreas Hasenack wrote:
> > snort-1.8.3
> > I then restart snort with -z est and hit ctrl-r on lynx. Snort doesn't see
> > this anymore. I remove the -z est switch, hit ctrl-r and snort sees the
> > attack again.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users