Snort mailing list archives
Re: Snort 1.9 problem
From: Bennett Todd <bet () rahul net>
Date: Tue, 22 Oct 2002 09:11:42 -0400
2002-10-21-16:24:35 Security Admin:
The problem I am having is it is logging portscans to my database from IP's which are in my preprocessor portscan ignore-hosts list. [...] I have turned on the new Portscan2 preprocessor, and all the alerts from these IP's show as (spp_portscan2). Is there some way to exclude IP addresses from the Portscan2 preprocessor, [...]
Thanks to Erek Adams for pointing this out to me; you need: preprocessor portscan2-ignorehosts: ... ^ | i.e. for the portscan2 preprocessor, the -ignorehosts directive was renamed to match. -Bennett
Attachment:
_bin
Description:
Current thread:
- Snort 1.9 problem Security Admin (Oct 21)
- Re: Snort 1.9 problem Alberto Gonzalez (Oct 21)
- Re: Snort 1.9 problem Bennett Todd (Oct 22)