Snort mailing list archives

Re: Multiple alerts for a single packets


From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 1 Nov 2005 10:33:02 -0500

1. You will receive multiple alerts by default.

2. You can change the maximum number of logged events for a given packet or stream by setting the "log" parameter in the "config event_queue" module. You can also order events by priority or content length.

For further information on the event_queue module, please see page 85 in the Snort PDF manual available at www.snort.org/docs

Joel Esler
SOURCEfire


On Oct 19, 2005, at 6:28 AM, Hadass Harel wrote:

Hi,

I will appreciate getting information for the following questions:
1. If a packet matches more than one rule, do I receive multiple alerts for it, or does Snort alert only on the first?
2. In case of multiple alerts for a single packet, can I set a limit on the number of alerts I will get for a single packet? Can I unite all the alerts into a single alert?

Thanks, Hadass
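
The setting described in the reply above, shown as a snort.conf fragment. This is an added example, not part of the original thread; it uses the Snort 2.x `config event_queue` syntax, and the numeric values are chosen for illustration only.

```conf
# snort.conf (Snort 2.x syntax). Values are illustrative, not recommendations.

# Queue up to 8 matching events per packet or stream, log at most 3 of them,
# and pick which ones to log by rule priority.
config event_queue: max_queue 8 log 3 order_events priority

# Alternative: log a single event per packet or stream, preferring the rule
# with the longest content match. Only one event_queue line should be active.
# config event_queue: max_queue 8 log 1 order_events content_length
```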


