Snort mailing list archives

Re: Snort rule priorities


From: "Brian (Automail)" <bmc () snort org>
Date: Tue, 29 Jan 2002 23:42:05 -0500

On Wed, Jan 30, 2002 at 01:08:20PM +0900, Ian Masters wrote:
> Is it the case presently that the writer of any new signature should
> consult the classification.conf file to decide what class type the new sig
> fits best, which then, in turn, assigns the priority level?

That sets the default priority level.  You can customize the priority on a
per-sig basis by adding a rule tag like this.

alert tcp any any -> any any (msg:"blah"; priority:2;)

-brian
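
The default-then-override behaviour described in the reply above, as an added example that is not part of the original message or of Snort itself: a small Python audit that reads classification.conf entries and reports each rule's effective priority and where it came from. The classification entries and every rule except the `msg:"blah"` one are constructed samples, the function names are hypothetical, and the code assumes an explicit priority option always wins over the classtype default.

```python
import re

# Constructed sample in classification.conf syntax: shortname,description,default priority
CLASSIFICATION_CONF = """\
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: attempted-recon,Attempted Information Leak,2
"""

# Constructed sample rules (not from any real ruleset); the third is the rule from the post.
RULES = """\
alert tcp any any -> any 80 (msg:"recon, class default"; classtype:attempted-recon;)
alert tcp any any -> any 80 (msg:"recon, raised"; classtype:attempted-recon; priority:1;)
alert tcp any any -> any any (msg:"blah"; priority:2;)
alert tcp any any -> any any (msg:"typo in class"; classtype:attempted-reconn;)
"""

def load_classifications(text):
    """Map classtype short name -> default priority."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*config\s+classification:\s*([^,]+),([^,]*),\s*(\d+)\s*$", line)
        if m:
            table[m.group(1).strip()] = int(m.group(3))
    return table

def option(rule, name):
    """Return the value of a simple `name:value;` rule option, or None."""
    m = re.search(r"[(;]\s*" + re.escape(name) + r"\s*:\s*\"?([^\";]+)\"?\s*;", rule)
    return m.group(1).strip() if m else None

def effective_priority(rule, table):
    """Return (priority, source); an explicit priority option overrides the classtype default."""
    explicit = option(rule, "priority")
    if explicit is not None:
        return int(explicit), "rule"
    classtype = option(rule, "classtype")
    if classtype is None:
        return None, "unset"
    if classtype not in table:  # flag classtypes missing from classification.conf
        return None, "unknown classtype " + classtype
    return table[classtype], "classtype " + classtype

def audit(rules_text, conf_text):
    table = load_classifications(conf_text)
    return [(option(r, "msg"), *effective_priority(r, table))
            for r in rules_text.splitlines() if r.strip()]

if __name__ == "__main__":
    for msg, prio, source in audit(RULES, CLASSIFICATION_CONF):
        print(f"{msg!r:28} priority={prio} ({source})")
```

Running an audit like this over a local ruleset shows which alerts rely on the class default and which carry a per-rule override, which is useful before changing priorities in classification.conf.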
