what is the difference between snort alert and snort log rule action?
Question
[ ] [1:2002973:1] Sample alert [ ] - Alert Message msg "sample message" - Log Message
Both are messages. What is the difference between these messages ?
1 answers
solution1
0 ACCPTED 2016-11-14 23:23:02
The two actions you mention do the following:
- alert Generates an alert then logs the packet
- log Just logs the packet (doesn't generate an alert)
The alert is a very simple overview of the event whereas the log is generally more detailed and contains a packet dump too.
Documentation for the rule actions can be found here
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Snort rule failing to alert to log
What is the difference between Snort rule and Emerging threats rules?
Read the alert log from snort
Specifying the rule address in Snort alert file
Snort Rule to Alert DNS that has ACK
Snort - Trying to understand how this snort rule works
Snort analysis - rule comparison
Snort rule update issue
Snort rule for ESP packets
snort log file format
Related Tags