[Snort-users] Question on Logging and Alerts Suggestion
roesch at ...1...
Thu Jul 20 00:09:38 EDT 2000
Interesting idea, it should be doable. If we did it, I'd probably want to
enable it as a command line switch because not everyone would want to see that
info all the time. Alternatively, using grep works quite well. :)
I'll take this under advisement for 1.7!
Scott Brown wrote:
> Would there be a way for SNORT to stamp the file where it found the rule
> into the alert file, or in any other logging? Many times I would
> like to remove a rule or change it to fit my environment yet have to
> look through each of the "*-lib" files for the given rule.
> If it could look something like the following:
> [**] PING-ICMP Destination Unreachable [**]
> snort-lib rule set <<<--------(this is what I would like in each
> 07/18-13:00:45.54555 my.network.com -> evil.person.com
> ICMP TTL:128 TOS:0x0 ID:19237
> DESTINATION UNREACHABLE: PORT UNREACHABLE
> I'm not sure if SNORT does not know the rule set it received it from,
> or if it views it as one big set of rules. I'm open to flames or
> suggestions. I'm somewhat new to SNORT so be kind please.
> Thank You
> Scott Brown
Martin Roesch <roesch at ...2...>
Core R&D http://www.hiverworld.com
Hiverworld, Inc. Continuous Adaptive Risk Management
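
The grep approach mentioned in the reply, as an added example (not part of the original thread and not Snort's own code): it pulls each alert message out of an alert file and reports which "*-lib" rule file defines it. The function name rule_sources, the file names, and the sample rules and alerts are constructed for illustration.

```shell
#!/bin/sh
# Added example: map each alert message in a Snort alert file to the rule
# file(s) that define it. File names and sample data below are constructed.

# rule_sources ALERT_FILE RULES_DIR
# Prints "message<TAB>file" per match, or "message<TAB>(not found)".
rule_sources() {
    alerts=$1
    rules_dir=$2
    tab=$(printf '\t')
    # Alert headers look like: [**] message text [**]
    sed -n 's/^\[\*\*] \(.*\) \[\*\*]$/\1/p' "$alerts" | sort -u |
    while IFS= read -r msg; do
        # -F treats the message as a fixed string, not a regex. Searching for
        # the quoted text matches both msg:"..." and msg: "..." spellings.
        hits=$(grep -lF -- "\"$msg\"" "$rules_dir"/*-lib 2>/dev/null || true)
        if [ -z "$hits" ]; then
            printf '%s%s(not found)\n' "$msg" "$tab"
        else
            printf '%s\n' "$hits" | while IFS= read -r f; do
                printf '%s%s%s\n' "$msg" "$tab" "${f##*/}"
            done
        fi
    done
}

# Constructed sample: two rule files and a short alert file in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/snort-lib" <<'EOF'
alert icmp any any -> any any (msg:"PING-ICMP Destination Unreachable"; itype: 3;)
EOF
    cat > "$d/web-lib" <<'EOF'
alert tcp any any -> any 80 (msg:"WEB-phf access"; content:"/cgi-bin/phf";)
EOF
    cat > "$d/alert" <<'EOF'
[**] PING-ICMP Destination Unreachable [**]
07/18-13:00:45.54555 192.0.2.10 -> 198.51.100.7
ICMP TTL:128 TOS:0x0 ID:19237
DESTINATION UNREACHABLE: PORT UNREACHABLE

[**] Local test rule [**]
07/18-13:02:10.00000 192.0.2.10:1025 -> 198.51.100.7:80
EOF
    rule_sources "$d/alert" "$d"
    rm -rf "$d"
}
demo
```

A message reported as "(not found)" points at a rule loaded from a file outside the searched directory, or at a message generated by something other than a rule.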