Snort mailing list archives

RE: Multiple alerts for a single packets

From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 01 Nov 2005 08:53:53 -0500

1. you get multiple alerts
2. not that I have seen - for either
 
Bruce

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Hadass
Harel
Sent: Wednesday, October 19, 2005 6:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Multiple alerts for a single packets


Hi,

I will appreciate getting information for the following questions:
1. If a packet matches more than one rule do I recieve multiple alerts
for it or does Snort alerts only the first?
2. In case of multiple alerts for a single packet - can I set a limit to
the amount of alerts I will get for a single packet? can I unite all the
alerts to a single alert??

Thanks, Hadass

Current thread:

Multiple alerts for a single packets Hadass Harel (Nov 01)
- RE: Multiple alerts for a single packets Paul Melson (Nov 01)
- Re: Multiple alerts for a single packets Joel Esler (Nov 01)
- <Possible follow-ups>
- RE: Multiple alerts for a single packets Briggs, Bruce (Nov 01)