Snort mailing list archives
Feature request: log which sid set a flowbit
From: Brett Edgar <brett.edgar () gmail com>
Date: Fri, 2 Nov 2012 10:21:14 -0500
It would be useful if Snort could log an extra_data event noting which signatures set flowbits. Many such signatures are set to noalert. But several signatures may set the same flowbit, and it becomes improbable to figure out which ones were responsible.
------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Feature request: log which sid set a flowbit Brett Edgar (Nov 02)
- Re: Feature request: log which sid set a flowbit Russ Combs (Nov 02)