Snort mailing list archives
Re: [Snort 2.2.0] Rules won't trigger
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Thu, 20 Jan 2005 19:14:02 +0100
Hi, thanks a lot for your contribution. Alex was able to pinpoint the error down to the incorrect signature. Anyway, I have another rules not triggering too, for example test-cgi and printenv. These signatures seem correct but also do not trigger. I am still looking for errors in my config... :-\ Would someone be so kind to test this with his/her Snort setup? Best regards, Edin Joshua Berry schrieb am 20.01.2005 17:28:
If you are not queing the packets then snort will alert on the first signature that matches (if I remember correctly), therefore only one of these signatures will be logged. You need to use: config event_queue: max_queue x log y order_events priority Where x is replaced with a number you feel comfortable with queing, and y is the number of signatures to alert on in order of priority (I think).
... -- Edin Dizdarevic ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [Snort 2.2.0] Rules won't trigger Edin Dizdarevic (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Alex Kirk (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Edin Dizdarevic (Jan 31)
- <Possible follow-ups>
- RE: [Snort 2.2.0] Rules won't trigger Joshua Berry (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Edin Dizdarevic (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Alex Kirk (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Edin Dizdarevic (Jan 20)
- Re: [Snort 2.2.0] Rules won't trigger Edin Dizdarevic (Jan 20)