[Snort-users] A simple question........

Pedro Fortuna pedro.fortuna at ...11827...
Mon Sep 13 04:04:18 EDT 2004


Hello,

1) In these cases, only the highest priority rule will generate an alert.
2) I don't know the answer for sure, but my guess is:
    - if the two rules are equal except for the SID, you'll get two alerts
    - if the two rules are completely equal (SID included), you'll get
an error on snort start.
 
-Pedro Fortuna

----- Original Message -----
From: Dennis George <easyeinfo at ...131...>
Date: Mon, 13 Sep 2004 02:44:08 -0700 (PDT)
Subject: [Snort-users] A simple question........
To: snort-users at lists.sourceforge.net


Hi all,
 
I think it will be a simple question............ But I am slightly
confused..........
 
1) If in my rule file I have 3 rules and in a packet all the 3 rules
get satisfied... do I get all the three alerts ??
 
2) If I have two identical rules then does snort discard one of the
rules or generate two alerts when that rule is satisfied ???
 
thanks in advance
 
Dennis




