[Snort-users] upgraded some tools (snortplot)

Angelos Karageorgiou angelos at ...788...
Tue Oct 30 00:02:02 EST 2001


Martin Roesch wrote:
>
> Um, everything is working the way it was written to, there are no
> problems here except for apparent inconsistency because of the way the
> rules were written.  Maybe I should add the "[**]" back to the msg field
> for syslog output so there's no confusion.

Well I was actually able to work around it. So do not bother, but I was trying
to
get other people's opinion on the subject of log analysis, and see how they
cope. You do not have to do anything.

> 
> I don't think that running things thru M4 would have helped in this case
> particularly, it's perfectly valid to leave out pieces of the rules,
> there are only a few things that are *required* to write a valid Snort
> rule, which makes life easier for everyone in general.
> 

Agreed




More information about the Snort-users mailing list