[Snort-users] Segregating drop alerts [RESOLVED]

Anshuman Anil Deshmukh anshuman at ...16510...
Wed May 27 09:20:39 EDT 2015

Great. Thank you. Pulledpork modifysid was able to meet by objective.


-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...]
Sent: Wednesday, May 27, 2015 4:32 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Segregating drop alerts

On 05/26/2015 02:38 PM, Anshuman Anil Deshmukh wrote:
> Hi,
> I never said I just want one to log. I am already logging both.

sorry... i obviously misunderstood your problem... i thought you were having problems determining which was which in the logs so i figured to just eliminate the alert one since it is wasting cycles...

> I am adding the drop statement using pulledpork dropsid.conf and not doing it manually.


> Can you tell me how I can add "Dropped to" statement to the beginning of the message in the rule using pulledpork?

modifysid should be able to do this for you...

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!
"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com

More information about the Snort-users mailing list