Snort mailing list archives
RE: A simple question........
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Mon, 13 Sep 2004 08:32:18 -0400
Depends on what version of Snort you are running. Apparently Snort 2.2.0 alerts off of multiple rules. Joel -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dennis George Sent: Monday, September 13, 2004 5:44 AM To: snort-users () lists sourceforge net Subject: [Snort-users] A simple question........ Hi all, I think it will be simple question............ But I am slighlty confused.......... 1) If in my rule file I have 3 rules and in a packet all the 3 rules get satisfied... do I get all the three alerts ?? 2) If I have two identical rules then does snort discard one of the rule or generate two alerts when that rule is satisfied ??? thanks in advance Dennis _____ Do you Yahoo!? Yahoo! <http://us.rd.yahoo.com/mail_us/taglines/50x/*http://promotions.yahoo.co m/new_mail/static/efficiency.html> Mail - 50x more storage than other providers!
Current thread:
- A simple question........ Dennis George (Sep 13)
- Re: A simple question........ Pedro Fortuna (Sep 13)
- Re: A simple question........ Dennis George (Sep 13)
- Re: A simple question........ Dennis George (Sep 14)
- Re: A simple question........ Jason (Sep 14)
- Re: A simple question........ Martin Roesch (Sep 16)
- Re: A simple question........ Dennis George (Sep 13)
- Re: A simple question........ Pedro Fortuna (Sep 13)
- <Possible follow-ups>
- RE: A simple question........ Esler, Joel - Contractor (Sep 13)