Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Tag: and mysql and Demarc.

From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Thu, 25 Apr 2002 19:04:46 -0400
Once a trigger hits I would like snort to continue logging packets for the
session. From the look of it Tag: looks perfect. Expect when  it logs data
to the database it logs it as sig_name NULL. This would be ok, but in demarc
1.05 it relies on the sig_name as the thing to click on to get more
information. So I see the data but no way to display it.

Why doesn't tag log as the same name as the rule that triggered it or at
least as something other than NULL? Is there anyway this can can be changed
in 1.8?

Does anyone have any other suggestions on how to do something similar?

Thanks

Ian



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: