Snort mailing list archives
Tagged packets alerts
From: Kungu Panda <kungupanda () gmail com>
Date: Tue, 14 Dec 2010 12:30:06 +0000
I am getting tagged packets alerts for rules that *do not* include the 'tag' directive, such as sid:16313. I am also getting tagged packets alerts for so_rules like sid:13824. I understand why this could be occurring -- the compiled so_rule includes the 'tag' directive, and that is not something that can be manipulated.

I would really like to disable tagged packets alerts in their entirety; we don't need them since we perform full packet captures to disk. I am already performing a global search and replace on all non-so_rules that come with 'tag' to eliminate the tag directive.

Background: snort v2.8.6.3, outputting to log_unified, alert_unified, barnyard to BASE.

Any thoughts or ideas?

K.Panda
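The search and replace on text rules that the post mentions, sketched as an added example (not part of the original message and not Snort project code). It assumes one rule per line and removes only a real `tag` option, leaving the string "tag:" untouched when it appears inside quoted `content` or `msg` values; the sample rules and sids are constructed. Compiled so_rules are out of its reach, as the post notes.

```python
import re

# Snort 2.x text rule on one line: "<action> <header> (<opt>; <opt>; ...)"
RULE_RE = re.compile(
    r"^(\s*#?\s*(?:alert|log|pass|drop|reject|sdrop|activate|dynamic)\b[^(]*)\((.*)\)\s*$")

def split_options(body):
    """Split the option body on ';' that is neither quoted nor backslash-escaped."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:                       # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:  # real option terminator
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o]

def strip_tag(rule):
    """Return (rule_without_tag_option, changed) for one rule line."""
    m = RULE_RE.match(rule)
    if not m:
        return rule, False                # comment text, blank line, config line
    header, body = m.groups()
    opts = split_options(body)
    kept = [o for o in opts if o.split(":", 1)[0].strip() != "tag"]
    if len(kept) == len(opts):
        return rule, False
    return header + "(" + " ".join(o + ";" for o in kept) + ")", True

# Constructed sample rules (not taken from any shipped rule set).
SAMPLE_TAGGED = (r'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed sample A"; '
                 r'content:"tag:session\;"; tag:session,5,packets; sid:1000001; rev:1;)')
SAMPLE_PLAIN = 'alert udp any any -> $HOME_NET 53 (msg:"constructed sample B"; sid:1000002; rev:1;)'

if __name__ == "__main__":
    for rule in (SAMPLE_TAGGED, SAMPLE_PLAIN):
        new_rule, changed = strip_tag(rule)
        print("CHANGED  " if changed else "UNCHANGED", new_rule)
```
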