Snort mailing list archives

Re: Logging single alert per packet


From: "Bhagya Bantwal (bbantwal)" <bbantwal () cisco com>
Date: Wed, 21 May 2014 20:38:43 +0000


Hello Beenish,

Just to clarify, what you want is to alert on one rule per packet when multiple rules are present?

Thanks!

From: Beenish Raza <beenish.raza () hotmail com>
Date: Wednesday, May 21, 2014 5:21 AM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Logging single alert per packet

I want to know the command in Snort that makes Snort stop scanning a packet after the 1st match is found. In
other words, I have to avoid further scanning of a packet once the packet is matched against a rule (no need to report the
longest match).
