[Snort-users] Alerts vs. logged
Vidar Evenrud Seeberg
vseeberg at ...13806...
Wed May 10 14:43:29 EDT 2006
This may be a simple question, but I need to get my thoughts confirmed:
On Ctrl-C, Snort shows a summary page where, among other things, ALERTS and
LOGGED numbers are presented. Am I right when I interpret these numbers
as LOGGED being all true positives and false negatives detected by Snort
and ALERTS being all unique types of attacks detected? E.g. 5 detections
of attack 1, 3 detections of attack 2 and 4 detections of attack 3 gives
3 ALERTS and 12 LOGGED.
I know that there may be log-rules present in the rule set. However, in
my data set only HTTP traffic is present and all rules enabled are
alert-rules. No log-rules are present.
Looking forward to an answer.