[Snort-users] Fwd: tuning sigs priority with modifysid

martin martin3 at ...11827...
Mon Oct 30 12:48:04 EST 2006


It occured to me that  "classtype:" would override any local priority setting.
Does that mean the only way around that is to do modifysid on
classtype and remove it or change the classtype? Any pros/cons?
thanks

---------- Forwarded message ----------



I do something like:

modifysid 4156 "sid:4156;" | "sid:4156; priority:3;"

in oinkmaster.conf to change a priority of a signature. Then I restart
everything. Check the rules files. Everything good. However the alert
still comes ing at priority 1.
I am using Mysql. Do i need to change the database entry too??

TIA




More information about the Snort-users mailing list