Re: possible Snort 2.0 bug

[Matt Kettler <mkettler () evi-inc com>]

At 12:48 AM 5/9/2003 -0300, Shoshin wrote:
> ** but if I add an alert test rule to snort.conf ( alert tcp any any -> 
> any any )
>  and run the same IDS MODE command, then it creates log files and adds to 
> the alert file !!
>
> So what is wrong with IDS MODE, it should be logging traffic even if there 
> are no alerts ????


IDS mode shouldn't log without there being alerts, however the test rule 
you describe makes EVERY tcp/ip packet an alert.

alert tcp any any -> any any should more-or-less turn snort into a "log 
everything", with the only exception being that udp and icmp traffic won't 
get logged.

So what makes you conclude that there are "no alerts"?





-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users