Snort mailing list archives

v1.9 log multiple alert packets


From: Rich Adamson <radamson () routers com>
Date: Wed, 19 Feb 2003 07:45:06 -0600


must have lost multiple brain cells...

When an alert is fired (e.g., MS-SQL worm rule), what Snort option is
used to log not only the offending packet for the alert, but also the
next two/three packets that represent the response from the target
machine? (My current log file entries contain only the packet tripping
the alert.)

(Running Win32 v1.9, IDScenter, low traffic volume, alert mode full)



