[Snort-devel] Proposal: New rule action, "info"

Martin Roesch roesch at ...402...
Thu Nov 1 19:20:05 EST 2001


Ok, I just checked in spo_log_null, so you can now do this:

ruletype info {
	type alert
	output alert_fast: info.alert
	output log_null
}

and not have the packets logged.  It's a hack, but it's a prettier hack.
:)

     -Marty

Matthew Callaway wrote:
> 
> In that case, I'll just hold off until development of 2.0 gets underway,
> and stick with my hack for now.
> 
> Matt
> 
> On Thu, 1 Nov 2001, Martin Roesch wrote:
> 
> > That said, we're finally ready to begin development on Snort 2.0 and I
> > expect to do so starting in December.  Snort 2.0 will be a lot cleaner
> > than the current design, and when it's ready I think people will be
> > happy with the overall level of flexibility and power offered by the
> > second generation of the system.

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-devel mailing list