Snort mailing list archives
snort event filtering
From: amin Salehi <seyedamin_salehi () yahoo com>
Date: Tue, 13 Nov 2012 20:52:55 -0800 (PST)
Hi. I wrote the following command in threshold.conf:

event_filter gen_id 1, sig_id 1000001, track by_src, type both, count 3, seconds 10

According to the Snort 2.9.3.1 manual, this command means that if 3 matches occur, then 1 event is processed in 10 seconds. But when I run Snort from the beginning, 1 event is processed every 10 seconds (1 alert is displayed on screen). What is the problem?
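The three event_filter types described in the Snort manual (limit, threshold, both), modelled as a short Python simulation applied to the count 3, seconds 10 setting from the message above. This is an added example, not part of the original post and not Snort's own code; the function name, the fixed interval that starts at each source's first matching event, and the sample traffic are assumptions made for illustration.

```python
def apply_event_filter(events, ftype, count, seconds):
    """Simplified model of event_filter with 'track by_src'.

    events: list of (timestamp, src_ip) rule matches, sorted by time.
    Returns the matches that would be logged/alerted.
    Assumption: the interval for a source starts at its first match and a
    new interval starts once 'seconds' have elapsed.
    """
    state = {}   # src_ip -> [interval_start, matches_seen_in_interval]
    logged = []
    for ts, src in events:
        st = state.get(src)
        if st is None or ts - st[0] >= seconds:
            st = state[src] = [ts, 0]          # open a new interval
        st[1] += 1
        seen = st[1]
        if ftype == "limit":        # log the first 'count' matches, drop the rest
            emit = seen <= count
        elif ftype == "threshold":  # log every 'count'-th match
            emit = seen % count == 0
        elif ftype == "both":       # log once, when the 'count'-th match arrives
            emit = seen == count
        else:
            raise ValueError("unknown event_filter type: %r" % ftype)
        if emit:
            logged.append((ts, src))
    return logged


def sample_events():
    """Constructed traffic: one noisy source and one quiet source."""
    noisy = [(t, "10.0.0.5") for t in range(30)]   # one match per second
    quiet = [(1, "10.0.0.9"), (2, "10.0.0.9")]     # only two matches in total
    return sorted(noisy + quiet)


if __name__ == "__main__":
    for ftype in ("limit", "threshold", "both"):
        out = apply_event_filter(sample_events(), ftype, count=3, seconds=10)
        print("%-9s -> %2d logged: %s" % (ftype, len(out), out))
```

In this model, a source that keeps matching the rule yields one logged event per 10-second interval under type both, while a source that never reaches 3 matches in an interval yields none.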
Current thread:
- snort event filtering amin Salehi (Nov 13)
- Re: snort event filtering Russ Combs (Nov 14)