Snort mailing list archives

Tagged packets alerts
From: Kungu Panda <kungupanda () gmail com>
Date: Tue, 14 Dec 2010 12:30:06 +0000

I am getting tagged packets alerts for rules that *do not* include the 'tag'
directive such as on sid:16313.

Also am getting tagged packets alerts for so_rules like sid:13824.  I
understand why this could be occurring -- the compiled so_rule includes the
'tag' directive and is not something that can be manipulated.

I would really like to disable tagged packets alerts in their entirety;
don't need them since we perform full packet captures to disc.  Already
performing a global search and replace on all non-so_rules that come with
'tag' to eliminate the tag directive.

   snort v2.8.6.3, outputting to log_unified, alert_unified, barnyard to

Any thoughts or ideas?