[Snort-users] Question about log-rules
Maetzky, Steffen (Extern)
Steffen.Maetzky at ...11508...
Mon Jul 19 06:40:06 EDT 2004
I have read that it should be possible to access the logging mode directly
by using the log (ok!) or dynamic keyword or as a second action by using the
alert (?) keyword.
(Snort Intrusion Detection 2.0, Chapter 4: Intrusion Detection Mode, German
The second possibility confuses me! Why alert? Is it a translation error? Is
it possible to write alert-rules which log package-data?
I have tried to find some examples but the rule-package from snort.org
doesn't help me.
Can someone help me out with examples for log-rules without using log