Snort mailing list archives
Re: What is ruletype type good for?
From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 6 Jul 2002 12:05:30 -0700 (PDT)
On Fri, 5 Jul 2002 carold () gmx net wrote:
> Assuming I got this right, the sole meaning is that "type alert" in "ruletype" _enables_ (or _allows for_) output alert_<whatever> options? Namely, the meaning is _not_: "this is an alert rule".

The way I see it--And as usual, someone please step in if I'm off base:

Alerts--When you define something as an alert, two things happen. Snort knows which 'tree' to place it in, and snort sends the packet thru the 'Alert' channels. Now, as a feature of coding, the 'Alert' channels also make calls out to the 'Logs' channel. So when something is 'Alerted on' it's also logged.

Logs--Works the same as an Alert, except that the packet never goes thru the 'Alert' channel. It just gets logged.

Am I answering your questions? I sure hope so, since I've got a feeling I'm "just not getting" what you're asking. :-(

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
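
An added example, not part of the original message: a snort.conf fragment using the `ruletype` declaration syntax, with one custom type of each kind discussed above. The ruletype names, the log file name, the rule contents and the sid values are constructed for illustration.

```conf
# Constructed example. "type" picks the rule tree and the channel the
# packet is sent through; the "output" lines attach plugins to this type.

# type log: the packet goes through the log channel only.
ruletype suspicious
{
    type log
    output log_tcpdump: suspicious.log
}

# type alert: the packet goes through the alert channel, and the alert
# path also calls the log channel, so both outputs below are used.
ruletype redalert
{
    type alert
    output alert_syslog: LOG_AUTH LOG_ALERT
    output log_tcpdump: redalert.log
}

# Rules then use the custom type name where "alert" or "log" would go.
suspicious tcp any any -> any 23 (msg:"constructed: telnet, log only"; sid:1000001; rev:1;)
redalert tcp any any -> any 23 (msg:"constructed: telnet, alert and log"; flags:S; sid:1000002; rev:1;)
```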