[Snort-users] keeping certain rules from logging packets

Long, Kerry S kslong at ...312...
Fri Apr 11 10:03:54 EDT 2014


I am trying to determine in this is possible:





I have some alerts that are quite noisy, but I want these rules noisy.  I however do not want them to log packets.  I have other rules I most definitely want the packets logged for.  I can't figure out how to keep some of my "alert" messages from logging packets.

I can eliminate all packet logging by using the "-N" switch, but that is counterproductive.   Any advice would be appreciated.







Kerry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/386d7f31/attachment.html>


More information about the Snort-users mailing list