Snort mailing list archives

Re: Generate alert but not log packet data


From: "Shawn Truax" <Shawn.Truax () mbs gov on ca>
Date: Sat, 08 Mar 2003 03:40:06 -0500

Sorry, I meant that I want a couple of rules to just alert and not log. I do want all the other rules to log the packet
data. I have created a couple of alerts that I just need the alert data for, and in the interest of saving some disk
space I would like to disregard the packet data and not save it. However, I still want the packet data from all the
other alerts, just not the two custom rules I wrote. Is this possible?

Thanks for the previous response.


Shawn Truax
Security Specialist
Corporate Security
Toronto, Ontario


"Alberto Gonzalez" <electron () wwjh net> 03/08/03 03:06am >>>


Hi,

Hello


Is there a way to generate an alert for a snort rule but not actually
log the packet data?  It looks like there is an option to just log the
packet and not alert but not vice versa.


Yup sure is........

(root@cerebro)(~) /usr/local/bin/snort -?
       
[...snip...]

-N         Turn off logging (alerts still work)

See also page 7 of the snort users manual (pdf) or [1]

Shawn Truax
Security Specialist
Corporate Security

Cheers!
  Alberto Gonzalez

[1] - http://www.snort.org/docs/writing_rules/chap1.html#tth_sEc1.4.1 

-- 
"Success comes to the person who does today, what you are thinking of doing tomorrow." 
