[Snort-sigs] problem with double logging
m.agostani at ...1537...
Tue May 27 07:21:02 EDT 2003
I've a problem with snort 2.0 using the default output plugin.
If I write down a rule like this
log tcp $NET -> .....etc.
my packet is being logged twice; if the rule says alert, I catch only one log.
My snort.conf is:
var HOME_NET any
var EXTERNAL_NET any
var HTTP_PORTS 80
var RULE_PATH /etc/snort
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
preprocessor rpc_decode: 111 32771
I fire up snort with /usr/local/bin/snort -i eth0 -c /etc/snort/snort.conf -l