[Snort-users] false alarm with snort 2.0, why?

Matt Kettler mkettler at ...4108...
Mon Apr 28 13:43:03 EDT 2003


You included some details of the packet, but you skipped including any 
details of the alert.

Which rule or preprocessor is generating the alert/log?

Did you start snort with the -o parameter?

At 08:31 PM 4/28/2003 +0200, Holger Marzen wrote:
>Snort 2.0 on Linux 2.2.16
>-------------------------
>
>I defined "regular" traffic with pass rules. Every other traffic goes to
>a logfile.




