Re: Snort 1.9 problem

[Bennett Todd <bet () rahul net>]

2002-10-21-16:24:35 Security Admin:
> The problem I am having is it is logging portscans to my database
> from IP's which are in my preprocessor portscan ignore-hosts list.
> [...] I have turned on the new Portscan2 preprocessor, and all the
> alerts from these IP's show as (spp_portscan2). Is there some way
> to exclude IP addresses from the Portscan2 preprocessor, [...]

Thanks to Erek Adams for pointing this out to me; you need:

        preprocessor portscan2-ignorehosts: ...
                             ^
                             |

i.e. for the portscan2 preprocessor, the -ignorehosts directive was
renamed to match.

-Bennett

Attachment: _bin
Description: