Snort mailing list archives
rule type declarations type "drop"
From: justin joseph <justinjoseph007 () gmail com>
Date: Tue, 24 Nov 2009 14:16:58 +0530
Hi,

I wanted to have a separate log file for action "drop" (inline mode) and, as mentioned in the Snort manual, tested ruletype declarations. I changed "drop" to "mydrop" in the rules file and in the snort.conf file gave the below mydrop ruletype declaration:

    ruletype mydrop
    {
        type drop
        output alert_full: /var/log/snort/mydrop.full
    }

This does not work, with the below error:

    ERROR: /etc/snort/snort-ips.conf(702): Invalid type for rule type declaration: drop
    Fatal Error, Quitting..

However, this works if the type is "alert". Why does the ruletype not support type "drop"? Is there any other mechanism to distinguish between logs for drops and alert rules? Some of my rules are drop and others alert while running in inline mode.

Thank you
Justin
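As an added illustration (not from the poster or the Snort project) of the mechanism the question is about, the script below parses ruletype declarations out of a snort.conf fragment and groups rules by their leading action keyword, so one can see which output plugin each custom action routes to. The conf and rules text are constructed samples; "myalert" and the three rules are assumed names, and rules using a built-in action such as "alert" are reported as using the global output plugins.

```python
import re

# Constructed snort.conf fragment: the poster's "mydrop" block plus a
# "myalert" block of type alert (the variant the poster reports as working).
SNORT_CONF = """
ruletype mydrop
{
    type drop
    output alert_full: /var/log/snort/mydrop.full
}
ruletype myalert
{
    type alert
    output alert_full: /var/log/snort/myalert.full
}
"""

# Constructed rules file: two rules with custom actions, one with built-in "alert".
RULES = """
mydrop tcp any any -> $HOME_NET 23 (msg:"telnet blocked"; sid:1000001; rev:1;)
myalert tcp any any -> $HOME_NET 80 (msg:"http seen"; sid:1000002; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"icmp seen"; sid:1000003; rev:1;)
"""

RULETYPE_RE = re.compile(r"ruletype\s+(\w+)\s*\{(.*?)\}", re.S)

def parse_ruletypes(conf):
    """Return {name: {"type": ..., "outputs": [...]}} for each ruletype block."""
    types = {}
    for name, body in RULETYPE_RE.findall(conf):
        kind, outputs = None, []
        for line in body.strip().splitlines():
            key, _, rest = line.strip().partition(" ")
            if key == "type":
                kind = rest.strip()
            elif key == "output":
                outputs.append(rest.strip())
        types[name] = {"type": kind, "outputs": outputs}
    return types

def rules_by_action(rules):
    """Group rule SIDs by the action keyword that starts each rule line."""
    groups = {}
    for line in rules.strip().splitlines():
        action = line.split(None, 1)[0]
        sid = re.search(r"sid:(\d+)", line)
        groups.setdefault(action, []).append(int(sid.group(1)) if sid else None)
    return groups

def log_destinations(conf, rules):
    """Map each action used in the rules to the outputs its ruletype declares."""
    types, dests = parse_ruletypes(conf), {}
    for action in rules_by_action(rules):
        dests[action] = types.get(action, {}).get("outputs", ["global output plugins"])
    return dests
```

Running log_destinations(SNORT_CONF, RULES) shows the per-action routing that a separate drop log depends on; whether Snort accepts "type drop" in such a block is the open question of the thread, not something this script decides.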
Current thread:
- rule type declarations type "drop" justin joseph (Nov 24)
- Re: rule type declarations type "drop" justin joseph (Nov 24)
- Re: rule type declarations type "drop" Todd Wease (Nov 24)
- Re: rule type declarations type "drop" justin joseph (Nov 28)
- Re: rule type declarations type "drop" justin joseph (Nov 24)