Snort mailing list archives
Logging non tcp/udp/icmp packets
From: "Thomas Porter, Ph.D." <tporter () dtool com>
Date: Sat, 2 Mar 2002 01:41:13 -0500
I'd like to log all non tcp/udp/icmp packets inbound or outbound. What's the right syntax for the rule below? Thanks # Logging uncommon protocols log [!tcp || !udp || !icmp] $EXTERNAL_NET any <> $HOME_NET any (msg: "Unknown Protocol";session: printable;) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Logging non tcp/udp/icmp packets Thomas Porter, Ph.D. (Mar 01)
- Re: Logging non tcp/udp/icmp packets Sonika Malhotra (Mar 04)
- Re: Logging non tcp/udp/icmp packets John Sage (Mar 04)
- Re: Logging non tcp/udp/icmp packets Martin Roesch (Mar 04)
- Re: Logging non tcp/udp/icmp packets John Sage (Mar 04)
- Re: Logging non tcp/udp/icmp packets Sonika Malhotra (Mar 04)