[Snort-users] Part of traffic matching wrong rule
erek at ...950...
Tue Jun 24 12:23:23 EDT 2003
On Tue, 24 Jun 2003, Juergen Anthamatten wrote:
> Rule application order: alert->pass->alarm
By default, pass rules are applied last. You need to change the order of
the applications of rules. With custom types, they are applied last
unless you change the order.
You can change the order with "-o" or a config directive. If you want
'alarm' to go first, then you need to use the config directive:
config order: alarm pass alert dynamic
"When things get weird, the weird turn pro." H.S. Thompson
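A simplified model of the ordering discussed in this thread, added as an illustration; it is not part of the original post and not Snort's own code. It assumes rule types are tried in the configured order and that the first type with a matching rule decides the outcome; the rules, addresses and packet are constructed.

```python
# Simplified model (an assumption for illustration, not Snort source code):
# rule types are tried in the configured order, and the first type that has
# a matching rule decides what happens to the packet.

def parse_order(directive):
    """Parse a 'config order: a b c' line into a list of rule type names."""
    key, _, value = directive.partition(":")
    if key.split() != ["config", "order"]:
        raise ValueError("not a config order directive: %r" % directive)
    types = value.split()
    if not types or len(set(types)) != len(types):
        raise ValueError("empty or duplicated rule types")
    return types

def matches(rule, packet):
    """A rule matches when every field it names equals the packet's value."""
    return all(packet.get(k) == v for k, v in rule["match"].items())

def first_match(order, rules, packet):
    """Return (rule_type, msg) of the rule that wins, or None."""
    for rule_type in order:
        for rule in rules:
            if rule["type"] == rule_type and matches(rule, packet):
                return rule_type, rule["msg"]
    return None

# Constructed rules: a broad 'alert' rule and a narrower custom 'alarm' rule.
RULES = [
    {"type": "alert", "msg": "any telnet", "match": {"dport": 23}},
    {"type": "alarm", "msg": "telnet to critical host",
     "match": {"dport": 23, "dst": "10.0.0.5"}},
    {"type": "pass", "msg": "trusted scanner", "match": {"src": "10.0.0.99"}},
]

# Constructed packet that matches both the alert rule and the alarm rule.
PACKET = {"src": "192.0.2.7", "dst": "10.0.0.5", "dport": 23}

REPORTED_ORDER = ["alert", "pass", "alarm"]  # order quoted in the thread
FIXED_ORDER = parse_order("config order: alarm pass alert dynamic")

if __name__ == "__main__":
    print("reported order:", first_match(REPORTED_ORDER, RULES, PACKET))
    print("fixed order:   ", first_match(FIXED_ORDER, RULES, PACKET))
```

Under the reported order the broad alert rule wins; with the directive from the reply, the same packet is handled by the custom alarm type.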