[Snort-users] rule chains

Erek Adams erek at ...950...
Sun Apr 6 19:41:03 EDT 2003


On Sun, 7 Apr 2003, Derya Sezen wrote:

> Is it possible to define a rule chain in Snort? I mean to make an event
> if a set of rules matches, for example:
> We have find a traffic with consists of 3 packets:
> client -> server
> server -> client
> client -> server
>
> each packet has its own specific information, like the content...
>
> If we see a traffic like that, between a client and a server, we want to
> define event, a log or a flex response...
>
> If it is possible, how can i do it!?

Activate/Dynamic rule [0].

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.2.6




More information about the Snort-users mailing list