[Snort-users] [snort-user] About Text rule parsing

Mayur Patil ram.nath241089 at ...11827...
Sun Sep 15 14:58:05 EDT 2013


Hi,

    I am having one query regarding text rules parsing in rule generator.


  1. detection_filter:track by_src,count 25, seconds 2;  gives error of

       no valid rules to convert.

   2. The negation (!) sign also get ignored by the text rule parser like
this

        ssl_state:!client_hello;

   while text rules are working actually to detect intrusion activities;

   then why generator is nor parsing them ?

   Seeking for guidance,

   Thanks !!

*--
*
*Cheers,
Mayur
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130916/c8a68d59/attachment.html>


More information about the Snort-users mailing list