[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

alerts and stop

To: Hobbit <hobbit (at) hswn.dk>
Subject: alerts and stop
From: "Christopher T. Beers" <ctbeers (at) syr.edu>
Date: Thu, 27 Jan 2005 14:27:35 -0500

Is there a way to stop rules from processing after issuing an alert (maybe it already does it).

What I am looking for is specific alerts in the beginning of the file that would alert people to problems. Once the alert was issued it would stop after processing that definition (with a keyword STOP or something). This would allow me to create specific rules in the beginning of the file (for specific hosts, services, etc) and then a catchall at the bottom.

If the specific rules were triggered, the generic catch all would not be.

Chris

Follow-Ups:
- Re: [hobbit] alerts and stop
  - From: Henrik Stoerner

Prev by Date: RECOVERED keyword in alerts
Next by Date: Re: [hobbit] Valid alerts decleration?
Previous by thread: Re: [hobbit] RECOVERED keyword in alerts
Next by thread: Re: [hobbit] alerts and stop
Index(es):
- Date
- Thread