List: snort-users
Subject: Re: [Snort-users] Threshold not working properly...
From: "Turnbough, Bradley E." <bturnbough () belcan ! com>
Date: 2015-11-17 16:36:39
Message-ID: 61D8E141C1A91B4587677D181DFF28EDF003600B () AWHMBX02 ! belcan ! com
Never mind.
The alerts are for different sensors, although the source and dest IP remain the same.
________________________________
From: Turnbough, Bradley E.
Sent: Tuesday, November 17, 2015 10:06 AM
To: snort-users@lists.sourceforge.net
Subject: Threshold not working properly...
I currently have this rule:
event_filter gen_id 0, sig_id 0, type limit, track by_src, count 1, seconds 120
Is this syntax right? I am still getting alerts for events that have occurred less than 120 seconds apart, with the same source IP.
Brad
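Added example, not part of the original thread and not Snort's own code: a simplified Python model of `type limit, track by_src, count 1, seconds 120`, showing how a merged alert view can contain same-source alerts less than 120 seconds apart when they come from different sensors. It assumes each sensor keeps its own event_filter state; the sensor names, IP address and timestamps are constructed.

```python
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "ts sensor src_ip")  # ts in seconds

class LimitFilter:
    """Simplified model of: type limit, track by_src, count N, seconds S."""
    def __init__(self, count, seconds):
        self.count, self.seconds = count, seconds
        self.state = {}  # src_ip -> (window_start, events_seen)

    def allow(self, ts, src_ip):
        start, seen = self.state.get(src_ip, (ts, 0))
        if ts - start >= self.seconds:  # interval over: open a new window
            start, seen = ts, 0
        seen += 1
        self.state[src_ip] = (start, seen)
        return seen <= self.count  # only the first N events per window alert

def alerts_logged(events, count=1, seconds=120):
    """Assumption: every sensor has its own filter state, nothing is shared."""
    filters, logged = {}, []
    for ev in sorted(events):
        flt = filters.setdefault(ev.sensor, LimitFilter(count, seconds))
        if flt.allow(ev.ts, ev.src_ip):
            logged.append(ev)
    return logged

def min_gap(alerts, key):
    """Smallest time gap between consecutive alerts that share the same key."""
    groups = defaultdict(list)
    for a in alerts:
        groups[key(a)].append(a.ts)
    return min(b - a for ts in groups.values()
               for a, b in zip(sorted(ts), sorted(ts)[1:]))

# Constructed sample: two sensors see traffic from the same source IP.
EVENTS = [
    Event(0, "sensor-a", "192.0.2.10"), Event(5, "sensor-b", "192.0.2.10"),
    Event(30, "sensor-a", "192.0.2.10"), Event(125, "sensor-a", "192.0.2.10"),
    Event(130, "sensor-b", "192.0.2.10"),
]

if __name__ == "__main__":
    logged = alerts_logged(EVENTS)
    for a in logged:
        print(a.ts, a.sensor, a.src_ip)
    print("min gap per source IP (merged view):", min_gap(logged, lambda a: a.src_ip))
    print("min gap per sensor and source IP:", min_gap(logged, lambda a: (a.sensor, a.src_ip)))
```

Grouping the logged alerts by sensor as well as by source IP is the quick check that the filter is holding on each sensor.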