Snort mailing list archives

Re: Generate alert but not log packet data


From: Alberto Gonzalez <electron () wwjh net>
Date: Sat, 8 Mar 2003 03:06:47 -0500 (EST)

> Hi,

Hello


> Is there a way to generate an alert for a snort rule but not actually
> log the packet data?  It looks like there is an option to just log the
> packet and not alert but not vice versa.


Yup sure is........

(root@cerebro)(~) /usr/local/bin/snort -?
       
[...snip...]

-N         Turn off logging (alerts still work)

See also page 7 of the Snort users manual (PDF) or [1]

> Shawn Truax
> Security Specialist
> Corporate Security

Cheers!
  Alberto Gonzalez

[1] - http://www.snort.org/docs/writing_rules/chap1.html#tth_sEc1.4.1

--
"Success comes to the person who does today, what you are thinking of doing tomorrow."



