Snort mailing list archives
Re: About the ruletype syntax
From: Brian <bmc () snort org>
Date: Thu, 29 Jan 2004 12:23:23 -0500
On Sat, Jan 24, 2004 at 02:49:59PM +0000, sutra wrote:
I wondering if there is a better documentation about the ruletype syntax thant the UserManual. Add to this i d like to know if there isn't a misstype in this documentation page 13 about the syntax to use in ruletype, when it s written
<snip> You are correct, there is a typo. I've fixed it in CVS. Thanks for pointing it out. Your example below is correct.
ruletype redalert{ type alert output alert_syslog: LOG_AUTH LOG_ALERT output database: log, mysql, user=snort dbname=snort host=localhost }
Brian ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- About the ruletype syntax sutra (Jan 29)
- Re: About the ruletype syntax Brian (Jan 30)