[Snort-users] Alerts vs. logged

Vidar Evenrud Seeberg vseeberg at ...13806...
Wed May 10 14:43:29 EDT 2006


Hello gurus!

This may be a simple question, but I need to get my thoughts confirmed:

When I press Ctrl-C, Snort shows a summary page where, among other things,
ALERTS and LOGGED numbers are presented. Am I right when I interpret these numbers
as LOGGED being all true positives and false negatives detected by Snort
and ALERTS being all unique types of attacks detected? E.g. 5 detections
of attack 1, 3 detections of attack 2 and 4 detections of attack 3 give
3 ALERTS and 12 LOGGED.

I know that there may be log-rules present in the rule set. However, in
my data set only HTTP traffic is present and all rules enabled are
alert-rules. No log-rules are present.

Looking forward to an answer.

Regards
Vidar S.




