Snort mailing list archives
v1.9 log multiple alert packets
From: Rich Adamson <radamson () routers com>
Date: Wed, 19 Feb 2003 07:45:06 -0600
must have lost multiple brain cells... When an alert is fired (eg, MS-SQL worm rule), what snort option is used to log not only the offending packet for the alert, but also the next two/three packets that represent the response from the target machine? (My current log file entries contain only the packet tripping the alert.) (Running Win32 v1.9, IDScenter, low traffic volume, alert mode full)