[Snort-users] Rule set Query
skill2die4 at ...131...
Wed Mar 6 08:23:02 EST 2002
Consider there are 2 rules ... however, one rule is a
superset of the other. Example:
A.rules = alert any any < > $home 80 _ _ _ _
B.rules = alert $Secure any < > $home 80 _ _ _ _
Now when I execute Snort, and there is a packet
incoming from $Secure:
1. Would Snort log both of them?
2. If I put B.rules before A.rules, would it make
Snort log only the second attack and not the first?
3. Is there a way to achieve the result of Query 2, i.e.
only logging rule B and not A when there is a
packet from $Secure?