Snort mailing list archives

For the command line option --alert-before-pass, is it deprecated or not?

From: Zhuxian <zhuxian () huawei com>
Date: Sat, 21 Jan 2012 02:09:27 +0000

Hi,

For the command line option --alert-before-pass, is it deprecated or not?

It only influence the order in snort_conf->rule_lists. But for PORT_GROUP, such as sc->prmTcpRTNX-> prmSrcPort[i], the 
building algorithm, and the rule matching algorithm in fpEvalHeaderSW(), the order does not take any effect. For the 
event selection logic in fpFinalSelectEvent() and sfeventq_action(), I also don't found any logic for this option.


Regards,
Kurt.

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

For the command line option --alert-before-pass, is it deprecated or not? Zhuxian (Jan 22)