[Snort-users] 'config stateful' option

waldo kitty wkitty42 at ...14940...
Wed Nov 13 18:59:55 EST 2013


On 11/13/2013 6:17 PM, Jeremy Hoel wrote:
> We noticed that our snort boxes didn't trigger on a rule that was
> reported by an upstream provider.  Taking the pcaps and playing them
> back against a stock snort.conf shows that the rule triggers. One of
> the differences between the configs is that ours included "config
> stateful". From most of the documentation, this is a holdover from the
> stream4 processor and we are configured to use stream5 (2.9.5.5), but
> when that statement was in the config, the udp packets wouldn't
> trigger the rule.  Comment it out and it did.

do you still have any stream4 config stuff in your configs? i've been under the 
impression that since stream5 came out, all stream4 stuff should be completely 
removed from one's config...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.



