[Snort-users] removing ping alerts

jess at ...521...
Thu Oct 5 13:37:06 EDT 2000


	Are you using the -o flag?

>        -o             Change the order in which the rules are applied to
>                       packets.  Instead of being applied in the standard
>                       Alert->Pass->Log order, this will apply them in
>                       Pass->Alert->Log order, allowing people to avoid
>                       having to make huge BPF command line arguments to
>                       filter their alert rules.  User requested.

	Snort's default behaviour is: Alert->Pass->Log

	So a pass rule does not avoid generating an alert.

	You can use the -o flag and then your pass rule will be effective:

		Pass->Alert->Log

	But, be careful with what you 'pass'!

								JESS
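
Added example, not part of the original post and not Snort's own code: a simplified Python model of the two rule-list orders described above, showing why a pass rule for ping traffic has no effect in the default Alert->Pass->Log order, takes effect with -o, and silences everything when written too broadly. The rule tuples, packet dictionaries and addresses are constructed for illustration.

```python
# Simplified model of rule-list ordering; assumes the first matching rule,
# in list order, decides what happens to a packet.
from ipaddress import ip_address, ip_network

DEFAULT_ORDER = ("alert", "pass", "log")  # standard Alert->Pass->Log
DASH_O_ORDER = ("pass", "alert", "log")   # Pass->Alert->Log, as with -o

# Constructed rules: (action, protocol, source network, label)
RULES = [
    ("alert", "icmp", "0.0.0.0/0", "ICMP echo request"),
    ("pass", "icmp", "192.0.2.10/32", "pings from monitoring host"),
]
# Same alert rule, but with a pass rule that is far too broad.
BROAD_RULES = [RULES[0], ("pass", "icmp", "0.0.0.0/0", "all ICMP")]

# Constructed packets
PACKETS = [
    {"proto": "icmp", "src": "192.0.2.10"},   # monitoring host
    {"proto": "icmp", "src": "203.0.113.7"},  # unknown host
]


def matches(rule, pkt):
    """True if the packet's protocol and source fall inside the rule."""
    _, proto, src_net, _ = rule
    return pkt["proto"] == proto and ip_address(pkt["src"]) in ip_network(src_net)


def evaluate(pkt, rules, order):
    """Walk the rule lists in the given order; the first match decides."""
    for action in order:
        for rule in rules:
            if rule[0] == action and matches(rule, pkt):
                return action, rule[3]
    return None, None


def alerts(packets, rules, order):
    """Source addresses of the packets that end up raising an alert."""
    return [p["src"] for p in packets if evaluate(p, rules, order)[0] == "alert"]


if __name__ == "__main__":
    print("default order:", alerts(PACKETS, RULES, DEFAULT_ORDER))
    print("with -o:      ", alerts(PACKETS, RULES, DASH_O_ORDER))
    print("broad pass:   ", alerts(PACKETS, BROAD_RULES, DASH_O_ORDER))
```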



