[Snort-users] rule chains

Derya Sezen funky at ...8796...
Sun Apr 6 13:53:02 EDT 2003


Is it possible to define a rule chain in Snort? I mean to make an event
if a set of rules matches, for example:
We have find a traffic with consists of 3 packets:
client -> server 
server -> client
client -> server

each packet has its own specific information, like the content...

If we see a traffic like that, between a client and a server, we want to
define event, a log or a flex response...

If it is possible, how can i do it!?


Derya Sezen <funky at ...8796...>

More information about the Snort-users mailing list