Snort mailing list archives
Meaning of priority?
From: carold () gmx net
Date: Fri, 5 Jul 2002 18:56:07 +0200 (MEST)
RTFM says that "The priority tag assigns a severity level to rules." However, could somebody explain what the functional meaning is? I have verified that it is not *processing* priority. Is it just a tag for the output processing? If yes, is it not illogical that processing priority can contradict output priority, such as:

    alert tcp any any -> $mynet 80 (msg:"web access"; priority:3;)
    alert tcp any any -> $secrethost any (msg:"nobody should go there"; priority:1;)

In the example above, web traffic to $secrethost will be logged as priority 3 even though any traffic to this particular destination should be priority 1.

Somebody could suggest that I can just swap the two rules and everything will be fine. I would agree with this particular case but not in general. Default snort rule blocks are arranged by topic (web, dns, etc.), not by priority, so it is common that less severe rules might get triggered before more severe ones for the same event.

TIA
Current thread:
- Meaning of priority? carold (Jul 05)
- Re: Meaning of priority? Erek Adams (Jul 05)
- Re: Meaning of priority? carold (Jul 05)
- Re: Meaning of priority? Erek Adams (Jul 06)
- Re: Meaning of priority? carold (Jul 07)
- Re: Meaning of priority? carold (Jul 05)
- Re: Meaning of priority? Erek Adams (Jul 05)
