[Snort-users] What is ruletype type good for?
erek at ...577...
Sat Jul 6 12:06:13 EDT 2002
On Fri, 5 Jul 2002 carold at ...158... wrote:
> Assuming I got this right, the sole meaning is that "type alert" in
> "ruletype" _enables_ (or _allows for_) output alert_<whatever> options?
> Namely, the meaning is _not_: "this is an alert rule".

The way I see it--And as usual, someone please step in if I'm off base:

Alerts--When you define something as an alert, two things happen.
Snort knows which 'tree' to place it in, and Snort sends the packet thru the
'Alert' channels. Now, as a feature of coding, the 'Alert' channels also make
calls out to the 'Logs' channel. So when something is 'Alerted on' it's also

Logs--Works the same as an Alert, except that the packet never goes
thru the 'Alert' channel. It just gets logged.

Am I answering your questions? I sure hope so, since I've got a feeling I'm
"just not getting" what you're asking. :-(
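
Added example, not part of the original message: a snort.conf fragment showing the ruletype declarations this thread discusses, one with "type alert" and one with "type log". The type names, file names, HOME_NET value and rules are constructed for illustration.

```conf
# Constructed snort.conf fragment using the ruletype declaration syntax.
var HOME_NET 192.168.1.0/24        # constructed sample network

# "type alert": rules declared with this type are handled as alerts and
# are sent to the output plugins listed inside this block.
ruletype redalert
{
    type alert
    output alert_syslog: LOG_AUTH LOG_ALERT
    output log_tcpdump: redalert.log
}

# "type log": rules declared with this type are only logged.
ruletype suspicious
{
    type log
    output log_tcpdump: suspicious.log
}

# The type name goes where a built-in action (alert, log, pass) would go.
redalert tcp any any -> $HOME_NET 31337 (msg:"constructed: connection to port 31337";)
suspicious tcp any any -> $HOME_NET 23 (msg:"constructed: inbound telnet"; flags:S;)
```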