Logging for Snort inspection
Log entries are generated when traffic matches a Snort rule that sends a message or an alert.
By default, log entries are produced when traffic matches the following Situation elements for Snort inspection:
- Snort_Alert
- Snort_Drop
- Snort_Message
- Snort_Reject
- Snort_Timeout
You can optionally use the following Situation elements in Inspection Exception rules to create log entries when traffic matches a Snort rule that does not send a message or an alert:
- Snort_Drop-Silent
- Snort_Reject-Silent
In the Logs view of the Management Client, the Snort facility shows log entries related to Snort inspection.
The following log fields show information about Snort inspection:
- Snort Message — Shows the message or alert that Snort sends when traffic matches a Snort rule.
- Snort Rule ID — Shows the rule identifier of the Snort rule that the traffic matched.