[Snort-devel] TCPDUMP - logging traffic from an attacker

Chris Green cmg at ...402...
Wed Mar 27 10:00:02 EST 2002

Robert Wagner <rwagner at ...1225...> writes:

> It appears that this needs to be done on a per rule basis.  Thanks for the
> information!

Yes it does.  For an unsupported patch that makes it easier, search
the mail list archives for something called "tagaction". .


Use the patch from the newest email, the documentation from the others
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.

More information about the Snort-devel mailing list