[Snort-users] Differentiate IPS and IDS alerts

Forensix Land forensixland at ...11827...
Wed May 31 22:38:37 EDT 2017

We have both snort IPS and IDS running on the same box. Alerts from both are sent to a log source management server. What is a good way to differentiate the alerts so we can tell the dropped traffic by the logs?


More information about the Snort-users mailing list