[Snort-users] add flag to drop rules
nachum234 at ...11827...
Wed Jun 5 10:54:23 EDT 2013
I am using Snort in inline mode with NFQ.
I configured all my drop rules using pulledpork with the following regex in
Now I want to add a prefix to the messages of these rules so I will know
how to search if a drop rule was triggered.
I tried to add the following to modifysid.conf:
pcre:balanced-ips\ drop "\(msg:"" "\(msg:"balanced-ips ";
but it didn't do anything.
How can I add a prefix or some flag to these rules so I can search for them