[Snort-users] maximum length for msg?
dirk at ...10648...
Fri Sep 16 00:49:03 EDT 2005
> There's no specific length maximum for the msg; as long as you keep your
> rule below 1,024 characters, you'll be fine.
are you sure about this? At least I remember this as part of decode.h:
#define ALERTMSG_LENGTH 256
So I guess more than 255 characters in the messags won't make any
sense, or? So maybe snort can read more characters from the rule
but internally it only uses up to 255...
More information about the Snort-users