[Snort-users] Identify trigger of a drop rule
nachum234 at ...11827...
Mon Apr 15 06:56:05 EDT 2013
I am using Snort version 2.9.4 in inline mode using NFQ. I configured
barnyard2 to send all alerts to my graylog2 server.
I want to create a stream in graylog2 that will display all the drop
alerts. Is it possible?
I created a dummy rule that drops all traffic to port 443. The rule works
fine, but the alert I get in syslog is the same alert as a regular Snort
alert. Is there any way to distinguish the drop alerts?