[Snort-devel] Content Inspection not working
atul_iet at ...398...
Wed Nov 13 01:30:02 EST 2002
I have a problem regarding content inspection of SMTP
traffic. I have made the following rule, but only one
host is getting logged and that is some other machine.
Can anyone help me in this issue.
alert tcp any any -> any 25( sid: 1000001; rev: 1;
msg: "Content resume found in the mail"; flow:
When I test it from different hosts then only one host
gets logged, the others gets unlogged. They all are
from the same hub.
Thanks in advance.
Regards and have a nice day,
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
More information about the Snort-devel