Snort Manual

Published by: Jose Chuncano on Sep 11, 2012
Copyright:Attribution Non-commercial


06/02/2013

Table 3.12: Post-detection rule option keywords

Keyword            Description
logto              The logto keyword tells Snort to log all packets that trigger this rule to a special output log file.
session            The session keyword is built to extract user data from TCP sessions.
resp               The resp keyword is used to attempt to close sessions when an alert is triggered.
react              This keyword implements an ability for users to react to traffic that matches a Snort rule by closing the connection and sending a notice.
tag                The tag keyword allows rules to log more than just the single packet that triggered the rule.
activates          This keyword allows the rule writer to specify a rule to add when a specific network event occurs.
activated_by       This keyword allows the rule writer to dynamically enable a rule when a specific activate rule is triggered.
count              This keyword must be used in combination with the activated_by keyword. It allows the rule writer to specify how many packets to leave the rule enabled for after it is activated.
replace            Replace the prior matching content with the given string of the same length. Available in inline mode only.
detection_filter   Track by source or destination IP address; if the rule otherwise matches more than the configured rate, it will fire.
