Snort mailing list archives
Re: upgraded some tools (snortplot)
From: Angelos Karageorgiou <angelos () iqs gr>
Date: Tue, 30 Oct 2001 09:46:34 +0200
Martin Roesch wrote:
> Um, everything is working the way it was written to, there are no problems here except for apparent inconsistency because of the way the rules were written. Maybe I should add the "[**]" back to the msg field for syslog output so there's no confusion.

Well I was actually able to work around it. So do not bother, but I was trying to get other people's opinion on the subject of log analysis, and see how they cope. You do not have to do anything.

> I don't think that running things thru M4 would have helped in this case particularly, it's perfectly valid to leave out pieces of the rules, there are only a few things that are *required* to write a valid Snort rule, which makes life easier for everyone in general.
Agreed