Snort mailing list archives

Multiple alerts for a single packets

From: Hadass Harel <hadass.harel () gmail com>
Date: Wed, 19 Oct 2005 10:28:15 +0000

Hi,

I will appreciate getting information for the following questions:
1. If a packet matches more than one rule do I recieve multiple alerts for
it or does Snort alerts only the first?
2. In case of multiple alerts for a single packet - can I set a limit to the
amount of alerts I will get for a single packet? can I unite all the alerts
to a single alert??

Thanks, Hadass

Current thread:

Multiple alerts for a single packets Hadass Harel (Nov 01)
- RE: Multiple alerts for a single packets Paul Melson (Nov 01)
- Re: Multiple alerts for a single packets Joel Esler (Nov 01)
- <Possible follow-ups>
- RE: Multiple alerts for a single packets Briggs, Bruce (Nov 01)