[Snort-users] inverse snort rule
ygokirmak at ...11827...
Fri May 22 03:27:55 EDT 2009
I am a new user of snort and I have a question about snort usage.
I have a file of pcap data (read via tcpdump -r).
Assume we have some rules A,B,C,D and E.
I want to log unrecognized packets, I mean,
packets which match none of the A,B,C,D,E rules...
Is it possible?
Can I take the inverse of the whole rule to create a new rule like " !A and !B
and !C and !D and !E" ?
Thanks in advance,