Snort mailing list archives

Re: I would like to use PulledPork to add info into the msg: field

From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 22 Aug 2013 08:37:35 -0600

modifysid

Sent from the iRoad

On Aug 22, 2013, at 4:26, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:

I'm using dropsid.conf to change security-ips rules to drop. Does anyone have pcre handy to also add information into 
the msg: field too? Like the word "drop", so when I run searches in the index server I can look for dropped actions.

Thank you.

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

I would like to use PulledPork to add info into the msg: field Avery Rozar (Aug 22)
- Re: I would like to use PulledPork to add info into the msg: field JJ Cummings (Aug 22)
  - Re: I would like to use PulledPork to add info into the msg: field Avery Rozar (Aug 22)
    - Re: I would like to use PulledPork to add info into the msg: field JJC (Aug 22)
    - Re: I would like to use PulledPork to add info into the msg: field Avery Rozar (Aug 22)
    - Re: I would like to use PulledPork to add info into the msg: field waldo kitty (Aug 22)
    - Re: I would like to use PulledPork to add info into the msg: field Avery Rozar (Aug 22)
    - Re: I would like to use PulledPork to add info into the msg: field Joel Esler (Aug 22)