[Snort-users] Question about log-rules

Maetzky, Steffen (Extern) Steffen.Maetzky at ...11508...
Mon Jul 19 06:40:06 EDT 2004


Hi,

I have read that it should be possible to access the logging mode directly
by using the log (ok!) or dynamic keyword or as a second action by using the
alert (?) keyword.
(Snort Intrusion Detection 2.0, Chapter 4: Intrusion Detection Mode, German
version)

The second possibility confuses me! Why alert? Is it a translation error? Is
it possible to write alert-rules which log package-data?
I have tried to find some examples but the rule-package from snort.org
doesn't help me.

Can someone help me out with examples for log-rules without using log
directly?  

Thanks, 

Steffen



