[Snort-users] Question about alert logging
fgaudreault at ...13341...
Thu Sep 13 18:38:00 EDT 2012
I am just curious if anybody on the list has seen this problem before.
With Snort 2.9.1 (I know, I am a couple of versions behind), an alert,
regardless of the rule, will be logged in the alert file only once even
if there is a valid threshold in the rule (i.e. 300sec, type both, track
by_src). I am using the emerging threats ruleset.
Can it be a config issue? I am using almost the stock config.
Thanks for your help.
Francois Gaudreault, ing. jr
fgaudreault at ...13341... :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence