Snort mailing list archives
Rules order
From: Fermin Galan Marquez <galan () dit upm es>
Date: Sun, 14 Oct 2001 00:45:17 +0200 (CEST)
Hello everyone.
I need to know some details of rules behavior.
When a packet matches two or more log rules, one more
specific than the others, which rule takes
preference in logging the packet?
For example, if I have these two rules in my snort.conf:
log tcp any any <> any 80 (msg: "Web traffic"; logto: "web.log";)
log ip any any -> any any (logto: "flow.log";)
and a TCP segment to port 80 arrives at my interface, in
which file would it be logged: web.log, flow.log or both?
Thanks for your time.
------------
Fermín Galán
galan () dit upm es
http://www.dit.upm.es/~galan
