Snort mailing list archives
Re: I would like to use PulledPork to add info into the msg: field
From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Thu, 22 Aug 2013 15:20:42 +0000
Looks like that would only work using the sids, right? I would like all 7K that are enabled to drop via dropsid.conf to add "drop" in the msg: area. Something like this (this did not work, either in modifysid or dropsid):

pcre:security-ips\ drop "\(msg:"" "\(msg:"DROP ";

On 8/22/13 10:37 AM, "JJ Cummings" <cummingsj () gmail com> wrote:
modifysid

Sent from the iRoad

On Aug 22, 2013, at 4:26, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:

I'm using dropsid.conf to change security-ips rules to drop. Does anyone have pcre handy to also add information into the msg: field too? Like the word "drop", so when I run searches in the index server I can look for dropped actions. Thank you.

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
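The substitution asked about in this message, written out as an added example that is not part of the thread and is not PulledPork code or configuration: a stand-alone Python pass over a generated rules file that prefixes the msg: text of every active drop rule. The sample rules, the `DROP ` tag and the name `tag_drop_rules` are assumptions made for illustration.

```python
import re

# Matches an active (uncommented) rule whose action is "drop" and captures
# everything up to and including the opening quote of its msg option.
DROP_RULE_MSG = re.compile(r'^(\s*drop\s[^(]*\(\s*msg:\s*")(.*)$')
TAG = "DROP "  # assumed prefix, modelled on the replacement quoted in the message


def tag_drop_rules(rules_text, tag=TAG):
    """Prefix the msg text of every active drop rule with `tag`.

    Returns (new_text, number_of_rules_changed). Commented-out rules,
    non-drop rules and rules already carrying the tag are left alone,
    so the pass can be re-run after every rule update without stacking tags.
    """
    out, changed = [], 0
    for line in rules_text.splitlines():
        m = DROP_RULE_MSG.match(line)
        if m and not m.group(2).startswith(tag):
            line = m.group(1) + tag + m.group(2)
            changed += 1
        out.append(line)
    return "\n".join(out), changed


# Constructed sample rules (hypothetical, not taken from any real ruleset).
SAMPLE = "\n".join([
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; sid:1000002; rev:1;)',
    '# drop udp any any -> any 53 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)',
    'drop tcp any any -> any 25 (msg:"DROP EXAMPLE already tagged"; sid:1000004; rev:1;)',
])

if __name__ == "__main__":
    tagged, count = tag_drop_rules(SAMPLE)
    print(tagged)
    print("rules changed:", count)
```

Only the first sample rule is rewritten; the alert rule, the commented-out rule and the already-tagged rule pass through unchanged, which keeps an index search for the tag limited to rules that actually drop.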