[Snort-users] Rule Order

Ron Shuck rshuck at ...6736...
Thu May 1 12:34:16 EDT 2003


Hi,

Has anyone else changed the rule order under 2.0?

When I upgraded to 2.0, I started having problems with ICMP alerts when
my rule order was set to 'pass alert log'. Actually, any setting other
than default caused problems. ICMP alerts happen, they just skip the
normal rule and trigger the "Undefined Code" rule.

TIA,

Ron Shuck, CISSP, GCIA - Managing Consultant 
Buchanan Associates - A Technology Company in the People Business 
http://www.buchanan.com 
http://www.isc2.org
http://www.giac.org




More information about the Snort-users mailing list