snort not posting priority
I have snort running and I would like to have swatch perform specific actions after receiving a warning from snort. On my old system, snort always gave me a [Priority: 1, 2, 3 etc] error which is what I would like snort to watch for. On this new install, my logs look like this:
Code:
Feb 3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} offending ip:3787 -> myip:80 R
I think the priority is only placed at the end and does not replace the IDs like [119:2:1]. It's also a guess that these smaller types of web attacks don't have a priority on them, the reason why I saw the priorities on others was because I was using standard ports for applications and my firewall was kaka.
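An added example, not part of either post: a small parser for Snort syslog alert lines that extracts the [gid:sid:rev] triple, picks up a [Priority: N] tag anywhere in the alert text when one is logged, and falls back to matching on the IDs when it is not. The sample lines, the watch list and the function names are assumptions made for illustration.

```python
import re

# [gid:sid:rev] <alert text> {PROTO} src -> dst, as in the line quoted in the thread
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<body>.*?)\s*\{(?P<proto>[\w-]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")

# Hypothetical watch list of (gid, sid) pairs to act on when no priority is logged.
WATCH_IDS = frozenset({(119, 2)})

# Constructed sample lines (documentation IP ranges); not taken from a real log.
SAMPLE = [
    "Feb  3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK "
    "{TCP} 192.0.2.10:3787 -> 198.51.100.5:80",
    "Feb  3 07:12:02 linux snort[2211]: [1:1000001:1] CONSTRUCTED RULE A "
    "[Classification: Constructed Class] [Priority: 1]: {TCP} 192.0.2.10:4021 -> 198.51.100.5:22",
    "Feb  3 07:12:05 linux snort[2211]: [1:1000002:1] CONSTRUCTED RULE B "
    "[Classification: Constructed Class] [Priority: 3]: {UDP} 192.0.2.11:53 -> 198.51.100.5:53",
    "Feb  3 07:12:09 linux sshd[900]: Accepted publickey for user",
]

def parse_alert(line):
    """Return a dict for a Snort alert line, or None for any other syslog line."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    body = m.group("body")
    prio = PRIORITY_RE.search(body)
    return {
        "gid": int(m.group("gid")), "sid": int(m.group("sid")), "rev": int(m.group("rev")),
        # Alert text with any [Classification: ...] / [Priority: N] tags cut off
        "message": re.split(r"\s*\[(?:Classification|Priority):", body, maxsplit=1)[0],
        "priority": int(prio.group(1)) if prio else None,
        "proto": m.group("proto"), "src": m.group("src"), "dst": m.group("dst"),
    }

def should_act(alert, max_priority=1):
    """Use the priority when it is logged; otherwise fall back to the ID watch list."""
    if alert["priority"] is not None:
        return alert["priority"] <= max_priority
    return (alert["gid"], alert["sid"]) in WATCH_IDS

def triage(lines):
    """Return (gid, sid, priority, act?) for every Snort alert found in lines."""
    alerts = [a for a in map(parse_alert, lines) if a is not None]
    return [(a["gid"], a["sid"], a["priority"], should_act(a)) for a in alerts]
```

The same two conditions (a priority tag, or a specific generator and signature ID) can be written as two separate patterns in a log watcher.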