[Snort-sigs] Reporting multiple signatures for same packet?
cmg at ...435...
Fri Apr 26 20:56:04 EDT 2002
Glenn Larsson <ichinin at ...561...> writes:
> When snort recieve "\virtualroot\exploit" the first rule takes
> precedence, get's logged and the second signature get dropped.
> The only way to get "exploit" logged is to change the order, but like
> with the other order, the second signature is ignored/dropped.
> Anyone have a solution for this?
Not currently. First match exit strategy.
Chris Green <cmg at ...435...>
A watched process never cores.
More information about the Snort-sigs