"pass" rules don't log but you should be able to define your own
rule type that does what you want. Check the ruletype keyword in
section 3.2.1 of the manual.
Hope that helps.
On 6/21/18 4:12 PM, Dave Osbourne wrote:
I'm trying to debug a pcre match in a pass rule, but apart from
inferring it's working when it doesn't fail I can't seem to figure
out how to get snort to LOG pass rules that it finds... (so that I
know which rule is passing).
My most basic test is to set
    output alert_fast: stdout
call snort like:
    /usr/local/bin/snort -c /etc/snort/snortdelme.conf -Q -i eth1:eth2
I'm (again most basically) matching a SYN packet:
    pass tcp 0.0.0.0/0 any -> 192.168.X.Y 1433 (msg:"pass message"; flags: S; dsize: 0; sid:1000;)
    log tcp 0.0.0.0/0 any -> 192.168.X.Y 1433 (msg:"log message"; flags: S; dsize: 0; sid:2000;)
I know the packet is flowing through the bridge - because if I
change pass/log to reject I see a message and the packet is
I just can't figure out how to make pass appear in the log!
Snort-users mailing list
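The ruletype suggestion in the reply, sketched as an added example (not part of the original thread), assuming the Snort 2.x `ruletype` declaration syntax from the manual section the reply cites. The type name `passdebug` and the output file name are hypothetical. The declaration uses `type alert` so that the `alert_fast` output fires, which means a rule of this type reports the match instead of behaving as a pass rule.

```conf
# snortdelme.conf (added example; names below are assumptions)

# Custom rule type: matches are written to their own alert_fast file,
# separate from the global "output alert_fast: stdout" line.
ruletype passdebug
{
    type alert
    output alert_fast: passdebug.alert
}

# Debug copy of the pass rule from the thread, with only the action changed
# to the custom type so that the match on the SYN packet is reported.
passdebug tcp 0.0.0.0/0 any -> 192.168.X.Y 1433 (msg:"pass message"; flags: S; dsize: 0; sid:1000;)
```

Once the match conditions are confirmed this way, the rule action can be switched back to `pass`.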