[Snort-users] Snort sdrop

Joao Daniel Neves joaodanielnevesss at ...125...
Mon Apr 22 12:09:12 EDT 2013


Joel,

Thank you! I'm working on how to put Snort in inline mode. I'm getting some errors.


From: jesler at ...1935...
Subject: Re: [Snort-users] Snort sdrop
Date: Mon, 22 Apr 2013 09:46:36 -0400
To: joaodanielnevesss at ...125...

On Apr 22, 2013, at 9:43 AM, Joao Daniel Neves <joaodanielnevesss at ...125...> wrote:

> I don't want to register these events from this source. If I could drop/block this package it would be great. So I thought that sdrop was a good way to accomplish that. But for some reason it is not working. Do you have some clues?
> What came to my mind is something about the order in which Snort reads the rules. Is it possible to make Snort read local.rules first?

I think what you are looking for is "config order".  http://manual.snort.org/node16.html.
But you must be in inline mode for sdrop to work in the first place.
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire 		 	   		  
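
The two points in the reply above (sdrop only works in inline mode, and `config order` controls the order of rule actions), as an added example that is not part of the original thread: a small Python check over a snort.conf and a rules file. It assumes Snort 2.9 syntax, where inline mode is enabled with `-Q` or `config policy_mode:inline`; the function name `audit` and the sample config and rules are constructed for illustration.

```python
import re

# Actions that only block traffic when Snort runs inline (assumption: Snort 2.9).
INLINE_ONLY = {"drop", "sdrop"}

# Constructed sample input, not taken from the thread.
SAMPLE_CONF = (
    "config policy_mode:tap   # passive, not inline\n"
    "config order: pass alert sdrop drop log\n"
)
SAMPLE_RULES = (
    "# constructed local.rules\n"
    'sdrop ip 192.0.2.10 any -> any any (msg:"quiet drop"; sid:1000001; rev:1;)\n'
    'alert tcp any any -> any 80 (msg:"example"; sid:1000002; rev:1;)\n'
)

def audit(conf_text, rules_text, cmdline=""):
    """Return findings about drop/sdrop rules for a snort.conf and rules file."""
    # Strip comments and whitespace from each config line.
    conf = [l.split("#", 1)[0].strip() for l in conf_text.splitlines()]
    # Inline mode: -Q on the command line or 'config policy_mode:inline'.
    inline = "-Q" in cmdline.split() or any(
        re.fullmatch(r"config\s+policy_mode\s*:\s*inline", l) for l in conf)
    # 'config order: ...' lists rule actions in evaluation order.
    order = None
    for l in conf:
        m = re.fullmatch(r"config\s+order\s*:\s*(.+)", l)
        if m:
            order = m.group(1).split()
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        words = line.split()
        if not words or words[0] not in INLINE_ONLY:
            continue  # blank line, comment, or an action that is not drop/sdrop
        action = words[0]
        if not inline:
            findings.append(f"line {n}: '{action}' has no effect unless Snort runs inline")
        if order and "alert" in order and action in order \
                and order.index("alert") < order.index(action):
            findings.append(f"line {n}: 'alert' precedes '{action}' in config order")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_RULES, "snort -c snort.conf"):
        print(finding)
```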