[Snort-users] snort log file

Martin Roesch roesch at ...421...
Mon Oct 23 12:27:22 EDT 2000

Not right now, but that feature is coming.  There's a new feature in the
upcoming version 1.7 called "dynamic rules".  It allows you to specify a rule
that can turn on other rules.  This is not connection specific, however (i.e.
the rule that is turned on has its own rule header and there's no way to
communicate the specific connection properties at this point).  I'm planning
on implementing something like a "collect" keyword that will allow alerts that
go off to specify that all traffic that is *part of that specific connection*
be collected.  That may or may not get implemented in version 1.7...

If you want to check out dynamic rules, they're in the version that's in CVS
right now.


Mark Scott wrote:
> Hi,
> What are most of you doing if you get a snort alert and want to look at the
> normal packets around the alert? Is it possible to configure snort to
> capture all packet traffic for a period of time and not just the packets
> that set off a rule?
> Thanks,
> Mark

Martin Roesch
roesch at ...421...
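
The activate/dynamic pairing described in the reply above, as an added example that is not part of the original message or of the Snort distribution. The syntax is the one documented for released Snort versions (assumed here to match the CVS snapshot the reply mentions); the network, port, content string and id are constructed placeholders.

```snort
# Constructed placeholder network (documentation range).
var HOME_NET 192.0.2.0/24

# "activate" rule: alerts like a normal rule, and when it fires it switches on
# every dynamic rule whose activated_by value equals its activates value.
activate tcp any any -> $HOME_NET 23 (msg:"constructed trigger on telnet"; flags:PA; content:"constructed-marker"; activates:1;)

# "dynamic" rule: dormant until activated, then logs the next 50 packets that
# match ITS OWN header. That header is any source to $HOME_NET port 23, so the
# 50 packets can belong to any telnet session to the protected network, not
# only the connection that set off the activate rule. This is the
# "not connection specific" limitation described in the reply.
dynamic tcp any any -> $HOME_NET 23 (activated_by:1; count:50;)
```

Because the dynamic header is matched independently, a busy port can exhaust the count with unrelated sessions before the connection of interest sends more data.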
