Snort mailing list archives
RE: Multiple alerts for a single packets
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 1 Nov 2005 09:44:49 -0500
________________________________
Subject: [Snort-users] Multiple alerts for a single packets
1. If a packet matches more than one rule do I receive multiple alerts for it or does Snort alert only the first?

Multiple alerts.

2. In case of multiple alerts for a single packet - can I set a limit to the amount of alerts I will get for a single packet? Can I unite all the alerts to a single alert??

Nope. You can use thresholding to limit the number of alerts in a time interval by the type of alert (http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node22.html#Event_Thresholding), but this cannot be done on a per-packet basis.

PaulM
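The following is an added example, not part of the original post and not Snort's own code: a simplified Python model of the three thresholding types (limit, threshold, both) that shows why thresholding cannot merge alerts per packet. State is kept per signature and tracked source address, so one packet that matches two rules still raises two alerts. The signature IDs, the address and the timings are constructed sample values.

```python
class Thresholder:
    """Simplified model of Snort 2.x event thresholding (assumption: track by_src)."""

    def __init__(self):
        self.rules = {}   # (gen_id, sig_id) -> (kind, count, seconds)
        self.state = {}   # (gen_id, sig_id, src_ip) -> [interval_start, hits]

    def add(self, gen_id, sig_id, kind, count, seconds):
        self.rules[(gen_id, sig_id)] = (kind, count, seconds)

    def should_alert(self, gen_id, sig_id, src_ip, now):
        rule = self.rules.get((gen_id, sig_id))
        if rule is None:
            return True                       # no threshold: every match alerts
        kind, count, seconds = rule
        key = (gen_id, sig_id, src_ip)        # keyed per signature, never per packet
        st = self.state.get(key)
        if st is None or now - st[0] >= seconds:
            st = self.state[key] = [now, 0]   # start a new time interval
        st[1] += 1
        if kind == "limit":                   # first `count` events per interval
            return st[1] <= count
        if kind == "threshold":               # every `count`-th event
            return st[1] % count == 0
        if kind == "both":                    # once per interval, after `count` events
            return st[1] == count
        raise ValueError(f"unknown threshold type: {kind}")


def run(thresholder, packets):
    """packets: (time, src_ip, [sig_ids matched]); returns [(time, sig_id), ...]."""
    return [(now, sid)
            for now, src, sids in packets
            for sid in sids
            if thresholder.should_alert(1, sid, src, now)]


# Constructed traffic: four packets from one source, each matching two rules.
PACKETS = [(t, "192.0.2.10", [1000001, 1000002]) for t in (0, 1, 2, 70)]


def demo():
    th = Thresholder()
    th.add(1, 1000001, "limit", 1, 60)
    th.add(1, 1000002, "limit", 1, 60)
    return run(th, PACKETS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

With both signatures limited to one alert per 60 seconds, the packet at t=0 still produces two alerts, one per signature; only the repeats at t=1 and t=2 are dropped, and the packet at t=70 alerts twice again in the new interval.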