Snort mailing list archives

Question about the 'tag' keyword

From: L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>
Date: Sat, 4 Dec 2010 16:18:50 -0600

Hello.

I was looking at the Snort manual and reading about the 'tag' keyword
and it says this:

   Format
   tag: <type>, <count>, <metric>, [direction];

But one of the examples has this (page 174):

   tag:host,0,packets,600,seconds,src;

So I guess my question is, can you really do multiple <count> and
<metric> in the same rule?  If so, what takes precedence?

Thanks.

-L0rd Ch0de1m0rt

------------------------------------------------------------------------------
What happens now with your Lotus Notes apps - do you make another costly 
upgrade, or settle for being marooned without product support? Time to move
off Lotus Notes and onto the cloud with Force.com, apps are easier to build,
use, and manage than apps on traditional platforms. Sign up for the Lotus 
Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

Question about the 'tag' keyword L0rd Ch0de1m0rt (Dec 04)