[Snort-users] -z est missing alerts?

Brian Smith brians at ...4435...
Tue Jan 8 08:09:03 EST 2002


yes. I found that running with '-z est' dropped alerts too. I couldn't figure out why, as the alerts I was triggering definitely included 2-way 'established' traffic. I sent a bug report but never heard anything back (maybe I didn't send enough info. This was 1.8.1 I believe.

On Tue, Jan 08, 2002 at 10:07:04AM -0200, Andreas Hasenack wrote:
> snort-1.8.3
> I then restart snort with -z est and hit ctrl-r on lynx. Snort doesn't see
> this anymore. I remove the -z est switch, hit ctrl-r and snort sees the
> attack again.




More information about the Snort-users mailing list