Re: [Snort 2.2.0] Rules won't trigger

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Hi,

thanks a lot for your contribution. Alex was able to pinpoint the error
down to the incorrect signature.

Anyway, I have another rules not triggering too, for example test-cgi
and printenv. These signatures seem correct but also do not trigger. I
am still looking for errors in my config... :-\ Would someone be so kind
to test this with his/her Snort setup?

Best regards,
Edin

Joshua Berry schrieb am 20.01.2005 17:28:
> If you are not queing the packets then snort will alert on the first
> signature that matches (if I remember correctly), therefore only one of
> these signatures will be logged.  You need to use:
>
> config event_queue: max_queue x log y order_events priority
>
> Where x is replaced with a number you feel comfortable with queing, and
> y is the number of signatures to alert on in order of priority (I
> think).
...


--
Edin Dizdarevic


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users