Snort mailing list archives
Snort 3 Config File Question (3)
From: Jim Campbell <jim () w4bqp net>
Date: Mon, 24 Jul 2017 11:37:25 -0400
I am embarrassed to come to come to the list with such a simple question but I really do need an answer.
I am running Snort in IPS/Inline mode. My systemD command line is as follows:
ExecStart=/opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2 -l /opt/snort/etc/snort
Each of the rules in snort3.rules begin with "alert".The Snort 3 User Manual implies that if Snort is in inline mode, when a packet triggers an alert that packet is dropped. I need to be sure. Is there somewhere that I can query that will tell me if packets are being dropped and if so how many?
Thanks, Jim Campbell -- "We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 3 Config File Question (3) Jim Campbell (Jul 24)
- Re: Snort 3 Config File Question (3) Victor Roemer via Snort-users (Jul 24)
- Re: Snort 3 Config File Question (3) Russ via Snort-users (Jul 24)
- Re: Snort 3 Config File Question (3) Noah Dietrich (Jul 24)
- Re: Snort 3 Config File Question (3) Jim Campbell (Jul 24)
- <Possible follow-ups>
- Re: Snort 3 Config File Question (3) Jim Campbell (Jul 24)
- Re: Snort 3 Config File Question (3) Jim Campbell (Jul 24)
- Re: Snort 3 Config File Question (3) Russ via Snort-users (Jul 24)
- Re: Snort 3 Config File Question (3) Jim Campbell (Jul 25)
- Re: Snort 3 Config File Question (3) wkitty42 (Jul 25)
- Re: Snort 3 Config File Question (3) Jim Campbell (Jul 24)