[Snort-users] Question on Logging and Alerts Suggestion
sbrown at ...39...
Tue Jul 18 13:40:52 EDT 2000
Would there be a way for SNORT to stamp the file it found the rule in
into the alert file, or in any other logging? Many times I would
like to remove a rule or change it to fit my environment, yet have to
look through each of the "*-lib" files for the given rule.

If it could look something like the following:

    [**] PING-ICMP Destination Unreachable [**]
    snort-lib rule set <<<--------(this is what I would like in each
    07/18-13:00:45.54555 my.network.com -> evil.person.com
    ICMP TTL:128 TOS:0x0 ID:19237
    DESTINATION UNREACHABLE: PORT UNREACHABLE

I'm not sure if SNORT does not know the rule set it received it from,
or if it views it as one big set of rules. I'm open to flames or
suggestions. I'm somewhat new to SNORT so be kind please.
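
The lookup the post describes doing by hand, as an added example (not part of the original message and not Snort's own code): it indexes the msg option of every rule in the "*-lib" files and reports the file and line under each alert header. The rule bodies, the misc-lib file name and the "rule source" line format are constructed for illustration, and the script assumes the alert header text equals the rule's msg text.

```python
import re
from pathlib import Path

MSG_OPTION = re.compile(r'msg\s*:\s*"([^"]*)"')            # msg:"..." rule option
ALERT_HEADER = re.compile(r'^\[\*\*\]\s*(.*?)\s*\[\*\*\]$')  # [**] text [**]

# Constructed sample data: file names and rule bodies are illustrative only.
SAMPLE_RULES = {
    "snort-lib": '# constructed sample rules\n'
                 'alert icmp any any -> any any '
                 '(msg:"PING-ICMP Destination Unreachable"; itype: 3;)\n',
    "misc-lib": 'alert tcp any any -> any 23 (msg:"Telnet attempt"; flags: S;)\n',
}
SAMPLE_ALERT = """[**] PING-ICMP Destination Unreachable [**]
07/18-13:00:45.54555 my.network.com -> evil.person.com
ICMP TTL:128 TOS:0x0 ID:19237
DESTINATION UNREACHABLE: PORT UNREACHABLE
"""

def load_rule_files(directory, pattern="*-lib"):
    """Read every rule file matching the pattern into {name: text}."""
    return {p.name: p.read_text(errors="replace")
            for p in sorted(Path(directory).glob(pattern))}

def index_rules(rule_texts):
    """Map each rule's msg text to the (file, line) places that define it."""
    index = {}
    for name, text in rule_texts.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("#"):
                continue  # ignore commented-out rules
            found = MSG_OPTION.search(line)
            if found:
                index.setdefault(found.group(1).strip(), []).append((name, lineno))
    return index

def annotate_alerts(alert_text, index):
    """Return the alert lines with a 'rule source' line after each header."""
    out = []
    for line in alert_text.splitlines():
        out.append(line)
        header = ALERT_HEADER.match(line.strip())
        if header:
            hits = index.get(header.group(1), [])
            where = ", ".join(f"{f}:{n}" for f, n in hits) or "not found"
            out.append(f"rule source: {where}")
    return out

if __name__ == "__main__":
    print("\n".join(annotate_alerts(SAMPLE_ALERT, index_rules(SAMPLE_RULES))))
```

For real files, pass `load_rule_files(<rules directory>)` to `index_rules` in place of `SAMPLE_RULES`; a msg that appears in more than one file is listed with every location.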