[Snort-devel] New entry in Signature table for tagged packets

Frank Knobbe frank at ...2134...
Fri Nov 26 08:06:04 EST 2004


On Thu, 2004-11-25 at 21:07, Russell Fulton wrote:
> AH! Thanks for bringing this up Frank! I've been meaning to ask how one
> links the tagged packets back to the alert that triggered their
> capture.  In most cases it is obvious but there have been times when I
> have been left with no idea why the packets have been captured.

Heya Russell,

We use a dual-alerting system (one being database independent). The
other mechanism we use automatically groups the events by IP, so the
tagged packets are always in the same *cough*email*cough* as the
triggering sig. :)

Cheers,
Frank
