[Snort-users] -o and pass/alert/log usage
ajlill at ...1676...
Thu Jun 28 18:57:36 EDT 2001
>>>>> "Paul" == Paul Sheahan <Sheahan> writes:
Paul> I was told in another post that it doesn't matter WHERE the
Paul> pass rules are in any of the .rules files, and it doesn't
Paul> matter in what order the rules files are included in
Paul> snort.conf. If you use the -o option, all pass rules are
Paul> taken into account first, then alerts. If this is wrong, I'd
Paul> like to know so I get it straight too!
That's how it's supposed to work. However, if you are using 1.7,
there's some bug with include directives that makes this not so, and I
had to move my pass rules before including all the snort rules to work.
I really have to find some time to verify whether or not it exists in
the current CVS source.
Tony Lill, Tony.Lill at ...1685...
President, A. J. Lill Consultants fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"
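
The intended behaviour discussed in this thread, as an added example that is not part of the original post and not Snort source code: a simplified Python model in which rules from every included file are grouped by action and the action lists are walked in a fixed order (Alert, Pass, Log by default; Pass, Alert, Log with -o). The rule files, addresses and function names are constructed for illustration, and the model does not reproduce the 1.7 include bug mentioned above.

```python
# Simplified model of Snort 1.x rule-type ordering (illustrative only).

# Constructed rule files, in the order snort.conf would include them.
RULE_FILES = {
    "scan.rules": ['alert icmp any any -> any any (msg:"ICMP ping";)'],
    "local.rules": ['pass icmp 192.168.1.10 any -> any any',
                    'log tcp any any -> any 23'],
}

DEFAULT_ORDER = ("alert", "pass", "log")  # standard order
DASH_O_ORDER = ("pass", "alert", "log")   # order selected by -o


def load(files):
    """Group every rule by its action, regardless of which file held it."""
    lists = {"alert": [], "pass": [], "log": []}
    for name, lines in files.items():
        for line in lines:
            action, proto, src, _sport, _arrow, dst, *_rest = line.split()
            lists[action].append((proto, src, dst, name))
    return lists


def matches(rule, pkt):
    """Header-only match on protocol and addresses (ports/options ignored)."""
    proto, src, dst, _name = rule
    return (proto == pkt["proto"]
            and src in ("any", pkt["src"])
            and dst in ("any", pkt["dst"]))


def decide(lists, pkt, order):
    """Return (action, file) of the first matching rule in list order."""
    for action in order:
        for rule in lists[action]:
            if matches(rule, pkt):
                return action, rule[3]
    return None, None


if __name__ == "__main__":
    pkt = {"proto": "icmp", "src": "192.168.1.10", "dst": "10.0.0.5"}
    rules = load(RULE_FILES)
    print("default:", decide(rules, pkt, DEFAULT_ORDER))
    print("with -o:", decide(rules, pkt, DASH_O_ORDER))
```

Because the lists are built per action before any packet is tested, reversing the include order in the model changes nothing; only the order of the action lists decides whether the pass rule suppresses the alert.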