If I only want that snort shall log only one specified rule like "scan.rules" or "ftp.rules"
Then, how can i configure that?
Im runing my snort at the command: snort -dv -c /etc/snort.snort.conf, but I want to be more specified at my rules.
Im runing snort-mysql with ACID, works perfect, but It alert to much =)
Tanx for answer!
BTW! Dont run snort at Fedora Core 2, It sux a lot. I swiched to Debian and Its works perfect.