Snort mailing list archives
RE: Multiple alerts for a single packets
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 01 Nov 2005 08:53:53 -0500
1. you get multiple alerts 2. not that I have seen - for either Bruce _____ From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Hadass Harel Sent: Wednesday, October 19, 2005 6:28 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Multiple alerts for a single packets Hi, I will appreciate getting information for the following questions: 1. If a packet matches more than one rule do I recieve multiple alerts for it or does Snort alerts only the first? 2. In case of multiple alerts for a single packet - can I set a limit to the amount of alerts I will get for a single packet? can I unite all the alerts to a single alert?? Thanks, Hadass
Current thread:
- Multiple alerts for a single packets Hadass Harel (Nov 01)
- RE: Multiple alerts for a single packets Paul Melson (Nov 01)
- Re: Multiple alerts for a single packets Joel Esler (Nov 01)
- <Possible follow-ups>
- RE: Multiple alerts for a single packets Briggs, Bruce (Nov 01)