Snort mailing list archives
RE: need help understanding the "flow:" keyword
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 05 Jan 2005 15:04:11 -0600
On Wed, 2005-01-05 at 13:46 -0500, Miner, Jonathan W (CSC) (US SSA) wrote:
I do have the flow preprocessor enabled, same line in snort.conf as you have in your email.[...] I am running 2.3RC2... I upgraded to that yesterday. It appears that none of the flow sigs fire.
That is very strange. I'm running 2.3.0RC2 (build 9) with flow preprocessor enabled, and my bleeding (and normal Snort rules) that contain flow alert just fine. Last thing to check... do you have a -z in the Snort command line? If so, take that out and see if that makes difference. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- Re: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- <Possible follow-ups>
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- Re: gamancio () weg com br - Bayesian Filter detected spam - RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 07)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE:need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 11)