[Oisf-users] Why one request, two alerts(logs in fast.log)?

郑博文 anshuitian at gmail.com
Mon Jan 14 05:56:26 UTC 2013


Hello, all:
    I use Suricata in IPS mode. I send a GET request to the server which
the IPS protects, and the request touches off the 20000001 sig. The
20000001 signature is: drop http any any -> any any (msg:"http test for
2000001"; content:"20000001"; sid:2000001; rev:1;)
    But there are two identical logs generated in fast.log (whatever the action
type of the signature is, there are two identical logs), like this:

    But I capture packets with Wireshark, like this:

    Why?