You Are Here : Forums Sunday, July 06, 2008
     
Activeworx.org Forums
 
  Forum  IDS Policy Mana...  IDS Policy Mana...  Custom Ruletype log_null usage
Previous Previous
 
Next Next
New Post 4/11/2008 2:51 PM
  krypticet
13 posts
10th Level Poster


Custom Ruletype log_null usage 
Modified By krypticet on 4/11/2008 10:08:12 AM)

Hello, I've been experimenting using custom ruletypes (now that 2.8.1 doesn't crash when defining them). I currently have all rules outputing to unified for processing by barnyard into BASE. I wanted to be able to have certain rules only output to a specific file, and not go into the unified output. According to the Snort Docs, I would do this using a custom ruletype, specifying 2 outputs, specifically using the output types a l e r t_f a s t and l o g_n u l l. I'm able to do this manually, but can't figure out to do it via IDSPM.  Is there a specific way to accomplish this?  Thanks in advance.
 
New Post 4/11/2008 3:09 PM
  krypticet
13 posts
10th Level Poster


Re: Custom Ruletype log_null usage 

When I tried to make this post, it kept chopping my content, appears that a l e r t_f a s t isn't allowed, so I inserted spaces.
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  IDS Policy Mana...  IDS Policy Mana...  Custom Ruletype log_null usage
 
 
Copyright 2000-2007 by Activeworx, Inc.
All trademarks and copyrights on this page are owned by their respective owners.