[Snort-users] Segregating drop alerts

waldo kitty wkitty42 at ...14940...
Tue May 26 13:37:59 EDT 2015


On 05/26/2015 10:01 AM, Anshuman Anil Deshmukh wrote:
> Yes. The second rule which I mentioned is the drop. It will not log only in
> case if I set it as sdrop which is silently drop where it doesn't log it. But as
> said earlier we aren't using sdrop. Hence the alert as well as drop are getting
> logged in the log file.

why have both if both are logging and you want only one to log?

when you change the alert rule to a drop rule, you can also add "DROPPED: " to 
the beginning of the message in the rule...


-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
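
The suggestion above, sketched as an added example that is not part of the original message: selected alert rules become drop rules whose msg starts with "DROPPED: ", and the log is then split on that tag. The rules, sids, log lines and the helper names to_drop_rule and split_alerts are constructed for illustration.

```python
import re

PREFIX = "DROPPED: "

# Constructed sample rules (sids, messages and content are placeholders).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL test web request"; content:"/test"; sid:1000001; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"LOCAL icmp probe"; sid:1000002; rev:1;)',
]

# Constructed alert_fast-style log lines, as the two rules above would log
# once sid 1000001 has been converted to a tagged drop rule.
SAMPLE_LOG = [
    '05/26-13:40:01.000001  [**] [1:1000001:1] DROPPED: LOCAL test web request [**] [Priority: 0] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80',
    '05/26-13:40:02.000002  [**] [1:1000002:1] LOCAL icmp probe [**] [Priority: 0] {ICMP} 192.0.2.11 -> 198.51.100.5',
]

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"')


def to_drop_rule(rule, sids):
    """Turn an alert rule into a drop rule with a tagged msg if its sid is selected."""
    action, _, rest = rule.strip().partition(" ")
    sid = SID_RE.search(rest)
    if action != "alert" or not sid or int(sid.group(1)) not in sids:
        return rule  # comments, other actions and unselected sids are left alone
    msg = MSG_RE.search(rest)
    if msg and not rest[msg.end():].startswith(PREFIX):  # do not tag twice
        rest = rest[:msg.end()] + PREFIX + rest[msg.end():]
    return "drop " + rest


def split_alerts(lines):
    """Separate log lines produced by tagged drop rules from plain alerts."""
    tag = "] " + PREFIX  # the msg follows the [gid:sid:rev] field
    dropped = [line for line in lines if tag in line]
    alerted = [line for line in lines if tag not in line]
    return dropped, alerted


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(to_drop_rule(rule, {1000001}))
    dropped, alerted = split_alerts(SAMPLE_LOG)
    print(len(dropped), "dropped,", len(alerted), "alert-only")
```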



