Continuing the discussion from Grok pattern for snort alerts:
1/03-21:37:12.106096 [] [1:249:8] DDOS mstream client to handler [] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 172.16.0.5:61301 -> 192.168.50.4:15104
Please provide some context to your issue, it is not possible to know what you are trying to do without any context.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.