Snort mailing list archives

Re: -z est missing alerts?

From: Brian Smith <brians () monkeytek com>
Date: Tue, 8 Jan 2002 08:08:04 -0800

yes. I found that running with '-z est' dropped alerts too. I couldn't figure out why, as the alerts I was triggering 
definitely included 2-way 'established' traffic. I sent a bug report but never heard anything back (maybe I didn't send 
enough info. This was 1.8.1 I believe.

On Tue, Jan 08, 2002 at 10:07:04AM -0200, Andreas Hasenack wrote:

snort-1.8.3
I then restart snort with -z est and hit ctrl-r on lynx. Snort doesn't see
this anymore. I remove the -z est switch, hit ctrl-r and snort sees the
attack again.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

-z est missing alerts? Andreas Hasenack (Jan 08)
- Re: -z est missing alerts? Brian Smith (Jan 08)
  - Re: -z est missing alerts? Martin Roesch (Jan 08)