[Snort-users] Fwd: tuning sigs priority with modifysid
martin3 at ...11827...
Mon Oct 30 12:48:04 EST 2006
It occured to me that "classtype:" would override any local priority setting.
Does that mean the only way around that is to do modifysid on
classtype and remove it or change the classtype? Any pros/cons?
---------- Forwarded message ----------
I do something like:
modifysid 4156 "sid:4156;" | "sid:4156; priority:3;"
in oinkmaster.conf to change a priority of a signature. Then I restart
everything. Check the rules files. Everything good. However the alert
still comes ing at priority 1.
I am using Mysql. Do i need to change the database entry too??
More information about the Snort-users