[Snort-sigs] Differences between versions
nagasaka at ...2239...
Wed Feb 18 18:53:01 EST 2004
I solved my problem by myself. It was caused by the threshold feature.
Although I've turned off the all preprocessors and have never writen
any thresholds in threshold.conf, there IS the default threshhold
which can not be disable according to doc/README.threshhold.
Hence, rules without sids are affected by the default threshold.
I think that the user manual should have to notice that.
> However, this does not work on the following environments:
> 2.1.1RC1 (FreeBSD4.9-p2)
> 2.1.0 (FreeBSD4.9-p2)
> 2.0.6 (FreeBSD4.9-p2)
> while this works on the following environment:
> 2.0.5 (Linux-2.4.22)
Text by Kosaku Nagasaka. [E-mail: nagasaka at ...2239...]
<Remember, success comes in "cans", failure comes in "can'ts".>
*****Note that I may read E-mails in the Text format only.*****
More information about the Snort-sigs