Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flowbits set rule to a noalert

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 25 Jun 2015 09:58:22 -0400
On 06/25/2015 01:21 AM, Anshuman Anil Deshmukh wrote:

Hi,

With reference to the discussion thread happened (refer -
http://seclists.org/snort/2014/q2/309) could you please explain what is flowbits
set rule to a noalert  and how could we change it?


those are set to noalert so they don't fill the logs... they are intended to 
only set the flowbit so that other rules can act... there is no reason to see 
them alert... the existence of the flowbit is all the proof needed...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: