Snort mailing list archives

false alert


From: Akinwale Fasuru <fashman2k1 () yahoo com>
Date: Fri, 2 Nov 2012 12:22:51 -0700 (PDT)

Hi,
I wrote this rule to alert when anybody visits www.youtube.com, but it does generate an alert even when you have anything
that has www.youtube.com in it. How can I restrict the alert to only when someone visits the site?

alert tcp any any -> any any (msg:"Someone is on youtube now!"; flow:from_client; content:"www.youtube.com"; metadata:service http; classtype:policy-violation; priority:10; sid:1000002; rev:1;)
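
Why the posted rule fires on unrelated traffic, as an added Python illustration (not code from the original post or from Snort): a bare content match is a case-sensitive substring search over the whole payload, while a check tied to the HTTP Host header fires only on requests addressed to the site. The payloads and function names are constructed for this example; in Snort 2.9 the corresponding restriction is made by tying the content match to the HTTP header buffer with the `http_header` modifier.

```python
# Added illustration. All payloads are constructed samples, not captured traffic.
TARGET = b"www.youtube.com"

def naive_match(payload: bytes) -> bool:
    """Mimics content:"www.youtube.com": substring search over the whole payload."""
    return TARGET in payload

def host_header(payload: bytes):
    """Return the lower-cased Host value (port removed) of an HTTP request, or None."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    # The first line must look like "METHOD URI HTTP/x.y" to count as a request.
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            # Host names are case-insensitive and may carry an explicit port.
            return value.strip().lower().split(b":")[0]
    return None

def host_match(payload: bytes) -> bool:
    """Fires only when the request is addressed to the target host."""
    return host_header(payload) == TARGET

SAMPLES = {
    "visit": b"GET /watch?v=abc HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n",
    "referer": b"GET /page HTTP/1.1\r\nHost: blog.example.org\r\n"
               b"Referer: http://www.youtube.com/watch?v=abc\r\n\r\n",
    "search": b"GET /search?q=www.youtube.com HTTP/1.1\r\n"
              b"Host: search.example.org\r\n\r\n",
    "form_body": b"POST /comment HTTP/1.1\r\nHost: forum.example.org\r\n"
                 b"Content-Length: 31\r\n\r\ntext=see+www.youtube.com+for+it",
    "mixed_case": b"GET / HTTP/1.1\r\nHost: WWW.YouTube.COM:80\r\n\r\n",
}

def compare():
    """Map each sample name to (naive result, Host-anchored result)."""
    return {name: (naive_match(p), host_match(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, anchored) in compare().items():
        print(f"{name:10} naive={naive!s:5} host-anchored={anchored}")
```

The referer, search and form-body samples are the false alerts described in the post; the mixed-case sample is a real visit that the substring match misses.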


