Network Security: Detailed info on Re: [Snort-users] modifying priority on certain rules

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Users

[Top] [All Lists]

Re: [Snort-users] modifying priority on certain rules

from [Christina McAghon] Network Security

[Permanent Link]

Subject:	Re: [Snort-users] modifying priority on certain rules
Date:	Wed, 22 Feb 2006 11:42:54 -0500

I think I figured out the problem.   I am using Barnyard to log the events 
to a database.  In the signature table, there was an existing entry for 
the sig id, which had the lower priority.  Once I removed it from the 
signature table, it recreated it with the higher priority.

Has anyone else seen this?  If so, do you manually purge/update the entry 
in the signature table?

Thanks,
Christina

Andreas Östling <andreaso@it.su.se> wrote on 02/22/2006 03:31:32 AM:


On Tuesday 21 February 2006 23:52, Christina McAghon wrote:

Thanks for the feedback.  However, the problem isn't with how I
change the rule, it's the fact that the updated priority isn't taking
effect.


In that case I don't know what the problem is. I do exactly the same 
thing and it works for me :)

/Andreas

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] modifying priority on certain rules, Christina McAghon Re: [Snort-users] modifying priority on certain rules, sekure Re: [Snort-users] modifying priority on certain rules, Andreas Östling Re: [Snort-users] modifying priority on certain rules, Christina McAghon Re: [Snort-users] modifying priority on certain rules, Andreas Östling Re: [Snort-users] modifying priority on certain rules, Dirk Geschke Re: [Snort-users] modifying priority on certain rules, Christina McAghon <= Re: [Snort-users] modifying priority on certain rules, Frank Knobbe

Previous by Date:	[Snort-users] Help with oinkmaster, CasperLinux
Next by Date:	[Snort-users] Help with installing on RH4 R2, Eric Langheinrich
Previous by Thread:	Re: [Snort-users] modifying priority on certain rules, Dirk Geschke
Next by Thread:	Re: [Snort-users] modifying priority on certain rules, Frank Knobbe
Indexes:	[Date] [Thread] [Top] [All Lists]