Rule Options
IP packet ID is 33822.
Length of IP header is 20 bytes.
Length of the packet is 60 bytes.
ICMP type field value is 8.
ICMP code value is 0.
ICMP ID value is 768.
ICMP Sequence field value is 9217.
The ECHO part shows that this is an ICMP ECHO packet.
The remaining part of the log shows the data that follows the ICMP header.
There are a few things to remember when you use this option:
Don't use the full path with the file name. The file will automatically be created in the log directory, which is /var/log/snort by default.
Don't use a space character after the colon character used with the logto keyword. If you use a space character, it is considered part of the file name. If you use a space character for clarity, enclose the file name in double quotation marks.
3.6.18 The msg Keyword
The msg keyword in the rule options is used to add a text string to logs and alerts.
You can add a message inside double quotations after this keyword. The msg keyword
is a common and useful keyword and is part of most of the rules. The general form for
using this keyword is as follows:
msg: "Your message text here";
If you want to use special characters inside the message, you can escape them
with a backslash character.
3.6.19 The nocase Keyword
The nocase keyword is used in combination with the content keyword. It has no
arguments. Its only purpose is to make the search for a pattern within the data part
of a packet case-insensitive.
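The logto cautions above, the double-quote form of msg, and the pairing of nocase with content can all be checked mechanically before a rule file is loaded. The following Python checker is an added example, not code from the original text or from Snort; the function names and the sample rules are constructed for illustration.

```python
# Added example: lint Snort rule options for the pitfalls described above.
# Function names are hypothetical; every rule in SAMPLES is constructed.

def split_options(rule):
    """Split the parenthesised option list into (keyword, raw_value) pairs.
    A semicolon inside double quotes or after a backslash does not end an option."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    options, current, in_quotes, escaped = [], "", False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            options.append(current)
            current = ""
            continue
        current += ch
    pairs = []
    for opt in options:
        keyword, sep, value = opt.partition(":")
        pairs.append((keyword.strip(), value if sep else ""))
    return pairs

def lint_rule(rule):
    """Return a list of findings; an empty list means no pitfall was found."""
    findings = []
    pairs = split_options(rule)
    keywords = [k for k, _ in pairs]
    for keyword, value in pairs:
        text = value.strip()
        quoted = len(text) >= 2 and text[0] == '"' and text[-1] == '"'
        if keyword == "logto":
            if "/" in text:
                findings.append("logto: full path given; use a bare file name")
            if value[:1].isspace() and not quoted:
                findings.append("logto: space after colon joins the file name")
        elif keyword == "msg" and not quoted:
            findings.append("msg: text is not inside double quotes")
    if "nocase" in keywords and "content" not in keywords:
        findings.append("nocase: no content keyword in this rule")
    return findings

SAMPLES = {  # constructed rules, one per case
    "good": 'alert icmp any any -> any any (msg:"ICMP echo"; logto:icmp_echo;)',
    "path": 'alert icmp any any -> any any (logto:/var/log/snort/icmp_echo;)',
    "space": 'alert icmp any any -> any any (logto: icmp_echo;)',
    "quoted": 'alert icmp any any -> any any (logto: "icmp_echo";)',
    "nocase": 'alert tcp any any -> any 80 (msg:"no pattern"; nocase;)',
}
```

Calling lint_rule on each entry of SAMPLES returns an empty list for the "good" and "quoted" rules and one finding for each of the others.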
3.6.20 The priority Keyword
The priority keyword assigns a priority to a rule. The priority is given as a numeric
argument to this keyword. Number 1 is the highest priority. The keyword is often used
with the classtype keyword. The following rule has a priority of 10: