Snort mailing list archives

RE: Multiple alerts for a single packets


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 1 Nov 2005 09:44:49 -0500

________________________________

Subject: [Snort-users] Multiple alerts for a single packets

1. If a packet matches more than one rule, do I receive multiple alerts for
it, or does Snort alert only on the first?

Multiple alerts.

2. In case of multiple alerts for a single packet - can I set a limit to
the amount of alerts I will get for a single packet? Can I unite all the
alerts to a single alert??

Nope.  You can use thresholding to limit the number of alerts in a time
interval by the type of alert
(http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node22.html#Event_Thresholding),
but this cannot be done on a per-packet basis.

PaulM
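
An added example, not part of the original post and not Snort's own code: a simplified Python model of a `type limit` threshold with `count 1, seconds 60`, tracked by source address, showing why it caps alerts per signature over time but does not merge several alerts raised by one packet. The event records, signature IDs and addresses are constructed sample data.

```python
# Simplified model of Snort-style "limit" thresholding (illustrative only).
from collections import namedtuple

# packet_id is a constructed label so the output shows which packet fired.
Event = namedtuple("Event", "time packet_id gen_id sig_id src_ip")


class LimitThreshold:
    """Pass the first `count` events per (gen_id, sig_id, src_ip) per window."""

    def __init__(self, count, seconds):
        self.count = count
        self.seconds = seconds
        self.state = {}  # key -> [window_start, events_seen_in_window]

    def allow(self, ev):
        # State is keyed by signature and tracked address, never by packet.
        key = (ev.gen_id, ev.sig_id, ev.src_ip)
        entry = self.state.get(key)
        if entry is None or ev.time - entry[0] >= self.seconds:
            entry = [ev.time, 0]  # start a new time window
            self.state[key] = entry
        entry[1] += 1
        return entry[1] <= self.count


def logged_alerts(events, count=1, seconds=60):
    """Return the events that would still be alerted after thresholding."""
    threshold = LimitThreshold(count, seconds)
    return [ev for ev in events if threshold.allow(ev)]


# Constructed sample: every packet matches two different rules.
SAMPLE = [
    Event(0, 1, 1, 1000001, "192.0.2.10"),   # packet 1, rule A: alert
    Event(0, 1, 1, 1000002, "192.0.2.10"),   # packet 1, rule B: alert
    Event(5, 2, 1, 1000001, "192.0.2.10"),   # rule A again in window: dropped
    Event(5, 2, 1, 1000002, "192.0.2.10"),   # rule B again in window: dropped
    Event(70, 3, 1, 1000001, "192.0.2.10"),  # rule A, new window: alert
]

if __name__ == "__main__":
    for ev in logged_alerts(SAMPLE):
        print(ev)
```

Packet 1 still produces two alerts because each signature keeps its own counter; only the repeats of the same signature inside the 60-second window are dropped.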


