Snort mailing list archives

What is ruletype type good for?

From: carold () gmx net
Date: Fri, 5 Jul 2002 18:40:19 +0200 (MEST)

I am unable to find out what is the functional significance of "type alert"
or "type log" in "ruletype". My assumption was that it sets processing
priority for rules of this type but this is not the case. Even if I have "ruletype
myalert" of "type alert" Snort will process these rules as
alert->pass->log->myalert, which does not make sense in my mind.

Could anybody clarify?


-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Bringing you mounds of caffeinated joy.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

What is ruletype type good for? carold (Jul 05)
- Re: What is ruletype type good for? Erek Adams (Jul 05)
  - Re: What is ruletype type good for? carold (Jul 05)
    - Re: What is ruletype type good for? Erek Adams (Jul 06)
    - Re: What is ruletype type good for? carold (Jul 07)
    - Re: What is ruletype type good for? Andrew R. Baker (Jul 07)
    - Re: Alert vs. Log (Was: What is ruletype type good for?) Erek Adams (Jul 06)