[Snort-devel] Proposal: New rule action, "info"

Matthew Callaway matt at ...807...
Thu Nov 1 11:14:06 EST 2001


Well, along those lines, do you consider the current "alert" and "log"
actions to be orthogonal?  It seems to me that "alert" should
do alerts and "log" should do logs. If you want both, specify both, if
you only want one or the other, this would allow it.  Right now, you
can't do this (unless I'm missing something, which is entirely
possible).

Matt

On Thu, 1 Nov 2001 tlewis at ...255... wrote:

> I think that having this behavior coded into snort the way that it is
> is silly.  You should present people with a set of orthogonal options
> and then let them decide which ones they want.  Having a name for each
> potential combination of actions is the wrong way.
>
> That having been said, it is the snort way, so in that context it
> might be the right thing here.





More information about the Snort-devel mailing list