[Snort-users] Logging non tcp/udp/icmp packets

Thomas Porter, Ph.D. tporter at ...2894...
Fri Mar 1 22:42:27 EST 2002

I'd like to log all non-TCP/UDP/ICMP packets, inbound or outbound. What's
the right syntax for the rule below? Thanks.

# Logging uncommon protocols
log [!tcp || !udp || !icmp] $EXTERNAL_NET any <> $HOME_NET any (msg: "Unknown Protocol";session: printable;)

