[Snort-devel] Re: [Snort-sigs] Getting lots of hits on sid:1841

Russell Fulton r.fulton at ...1343...
Wed Sep 4 09:19:03 EDT 2002


On Tue, 2002-09-03 at 11:28, John Sage wrote:

> I'll jump right in and ask a stupid question:

There are no stupid questions, only stupid answers ;-)
> 
> What are you seeing that lets you know the rule's firing off on some
> packets, but that's *not* logging enough about the packet to tell you
> anything about it?

What I am getting is the alert with the normal details.  What I am not
getting is the packet content logged in the log dir so I can't tell
what actually triggered the rule.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin





More information about the Snort-devel mailing list