[Snort-users] Segregating drop alerts
wkitty42 at ...14940...
Tue May 26 13:37:59 EDT 2015
On 05/26/2015 10:01 AM, Anshuman Anil Deshmukh wrote:
> Yes. The second rule which I mentioned is the drop. It will not log only if
> I set it as sdrop, which is silent drop, where it doesn't log it. But as
> said earlier, we aren't using sdrop. Hence the alert as well as the drop are
> getting logged in the log file.

why have both if both are logging and you want only one to log?

when you change the alert rule to a drop rule, you can also add "DROPPED: " to
the beginning of the message in the rule...

NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
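
The suggestion above, sketched as an added example that is not part of the original post: one helper turns an alert rule into a drop rule whose message starts with "DROPPED: ", and another splits log lines on that prefix. The function names, the sample rule and the sample log lines are constructed for illustration, and the log is assumed to be in alert_fast format.

```python
import re

PREFIX = "DROPPED: "
# A rule starts with its action keyword; only alert and drop are rewritten.
_ACTION = re.compile(r"^\s*(alert|drop)\b")
# First msg option in the rule body, allowing backslash-escaped characters.
_MSG = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
# alert_fast layout: timestamp  [**] [gid:sid:rev] message [**] ...
_FAST = re.compile(r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(.*?)\s+\[\*\*\]")

# Constructed sample rule and log lines (not taken from the thread).
SAMPLE_RULE = (
    'alert tcp any any -> $HOME_NET 80 '
    '(msg:"Example web probe"; content:"/probe"; sid:1000001; rev:1;)'
)
SAMPLE_LOG = [
    "05/26-13:37:59.000001  [**] [1:1000001:1] DROPPED: Example web probe [**] "
    "[Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80",
    "05/26-13:38:01.000002  [**] [1:1000002:1] Example scan [**] "
    "[Priority: 3] {TCP} 192.0.2.11:40001 -> 198.51.100.5:22",
]


def to_drop_rule(rule):
    """Return the rule as a drop rule whose msg starts with PREFIX."""
    if not _ACTION.match(rule):
        return rule  # comments, sdrop, pass and so on are left untouched
    rule = _ACTION.sub("drop", rule, count=1)

    def tag(m):
        text = m.group(1)
        return m.group(0) if text.startswith(PREFIX) else 'msg:"%s%s";' % (PREFIX, text)

    return _MSG.sub(tag, rule, count=1)


def split_fast_log(lines):
    """Segregate alert_fast lines into (dropped, alerted) by msg prefix."""
    dropped, alerted = [], []
    for line in lines:
        m = _FAST.search(line)
        if m:
            (dropped if m.group(1).startswith(PREFIX) else alerted).append(line)
    return dropped, alerted


if __name__ == "__main__":
    print(to_drop_rule(SAMPLE_RULE))
    print(split_fast_log(SAMPLE_LOG))
```
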