[Snort-users] possible Snort 2.0 bug
mkettler at ...4108...
Fri May 9 10:17:06 EDT 2003
At 12:48 AM 5/9/2003 -0300, Shoshin wrote:
>** but if I add an alert test rule to snort.conf ( alert tcp any any ->
>any any )
> and run the same IDS MODE command, then it creates log files and adds to
> the alert file !!
>So what is wrong with IDS MODE, it should be logging traffic even if there
>are no alerts ????

IDS mode shouldn't log without there being alerts, however the test rule
you describe makes EVERY tcp/ip packet an alert.

alert tcp any any -> any any should more-or-less turn snort into a "log
everything", with the only exception being that udp and icmp traffic won't

So what makes you conclude that there are "no alerts"?
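
The point made in the reply above, as an added example that is not part of the original post or of Snort's own code: a simplified Python model of Snort rule-header matching, run over constructed packets. The helper names, the `Packet` tuple and the sample addresses are assumptions for illustration; rule options, variables and address or port lists are not modelled.

```python
import ipaddress
from collections import namedtuple

# Constructed packet summary; ports are None for ICMP.
Packet = namedtuple("Packet", "proto src sport dst dport")

def _addr_ok(spec, addr):
    """Match 'any', a single address or a CIDR block, with optional '!' negation."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate

def _port_ok(spec, port):
    """Match 'any', N, N:M, :M or N:, with optional '!' negation."""
    if spec == "any" or port is None:  # ICMP carries no ports
        return True
    negate = spec.startswith("!")
    lo, _, hi = spec.lstrip("!").partition(":")
    if ":" not in spec:
        hi = lo  # single port
    hit = int(lo or 0) <= port <= int(hi or 65535)
    return hit != negate

def header_matches(rule, pkt):
    """True when the packet satisfies the rule header (options are not evaluated)."""
    _action, proto, src, sport, direction, dst, dport = rule.split()[:7]
    if proto != "ip" and proto != pkt.proto:
        return False
    forward = (_addr_ok(src, pkt.src) and _port_ok(sport, pkt.sport)
               and _addr_ok(dst, pkt.dst) and _port_ok(dport, pkt.dport))
    if direction == "<>":  # bidirectional: also try the swapped endpoints
        return forward or (_addr_ok(src, pkt.dst) and _port_ok(sport, pkt.dport)
                           and _addr_ok(dst, pkt.src) and _port_ok(dport, pkt.sport))
    return forward

TEST_RULE = "alert tcp any any -> any any"  # the test rule quoted in the post
# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("tcp", "192.0.2.10", 51000, "198.51.100.5", 80),
    Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 51000),
    Packet("udp", "192.0.2.10", 53000, "198.51.100.53", 53),
    Packet("icmp", "192.0.2.10", None, "198.51.100.5", None),
]

def alerting(rule, packets):
    """Packets that would raise an alert under this rule header."""
    return [p for p in packets if header_matches(rule, p)]
```

Calling `alerting(TEST_RULE, SAMPLE)` returns both TCP packets and neither the UDP nor the ICMP one; narrowing the header, for example to `alert tcp any any -> any 80`, drops the return-direction packet as well.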