[Snort-devel] Logging single alert per packet

Bhagya Bantwal (bbantwal) bbantwal at ...3461...
Wed May 21 16:38:43 EDT 2014


Hello Beenish,

Just to clarify, what you want is to alert on one rule per packet when multiple rules are present?

Thanks!
From: Beenish Raza <beenish.raza at ...445...>
Date: Wednesday, May 21, 2014 5:21 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Logging single alert per packet

I want to know the command in Snort that makes Snort stop scanning a packet after the 1st match is found. In other words, I have to avoid further scanning of a packet once the packet has matched a rule (no need to report the longest match).