[Snort-users] Question about alert logging

Francois Gaudreault fgaudreault at ...13341...
Thu Sep 13 18:38:00 EDT 2012


I am just curious if anybody on the list has seen this problem before.
With Snort 2.9.1 (I know, I am a couple of versions behind), an alert,
regardless of the rule, will be logged in the alert file only once even
if there is a valid threshold in the rule (i.e. 300sec, type both, track
by_src).  I am using the Emerging Threats ruleset.

Can it be a config issue?  I am using almost the stock config.

Thanks for your help.

Francois Gaudreault, ing. jr
fgaudreault at ...13341...  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
