[Snort-users] q about alerts

Weber Mail Don at ...5881...
Thu May 30 18:03:05 EDT 2002

I want to be alerted when a specific event occurs. The rule I have made
triggers the alert correctly; however, it continues to alert like 4 or 5
times per second. My purpose is alerting upon a telnet connection to machine
x by machines x, y and z, then tcpdump.
It looks something like this:

var telclients [,,]
var telservers []
alert tcp $telclients any -> $telservers any (msg:"Telnet session in
output log_tcpdump: telnets.log

I'd prefer an alert upon the initial connection, and an alert on any new
connection, but I currently get like 5 alerts per second on just 1.

Any ideas?
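An added example, not part of the original post, of how such a rule can be limited to the first packet of each connection: testing for a bare SYN with `flags:S` makes the rule fire once per new TCP session instead of on every packet of an established one, and `tag:session` keeps the rest of that session flowing into the tcpdump log. The addresses, variable names and sid values are placeholders.

```snort
# Added example (not the poster's configuration). Placeholder addresses;
# substitute the real client and server IPs.
var TELCLIENTS [192.0.2.10,192.0.2.11,192.0.2.12]
var TELSERVERS [192.0.2.20]

# Without a flag test every packet of the session matches, which is what
# produces several alerts per second:
# alert tcp $TELCLIENTS any -> $TELSERVERS 23 (msg:"Telnet session"; sid:1000001; rev:1;)

# Match only the client's initial SYN (SYN set, no other flags), so each new
# connection alerts exactly once. tag:session then logs the following packets
# of that session for 300 seconds, since the alert itself only captures the SYN.
alert tcp $TELCLIENTS any -> $TELSERVERS 23 (msg:"Telnet session initiated"; flags:S; tag:session,300,seconds; sid:1000002; rev:1;)

# Write the triggering and tagged packets to a pcap file, as in the original post.
output log_tcpdump: telnets.log
```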

