On Sat, Jun 13, 2009 at 18:56, MySQL Student<mysqlstud...@gmail.com> wrote:
> > I also see BOTNET_NORDNS in Botnet.cf, but it isn't being triggered. It's > also weighted at 0.0. Is there a reason for this? There's two ways to use Botnet: 1) one big rule (BOTNET) that rolls up all of the sub-rule scores. 2) triggering each individual rule separately (BOTNET_*). You shouldn't do both, or you'll be double-scoring. By default, Botnet is set up to do the first method, so the individual rules are all scored at 0.
