[Snort-devel] spp_portscan and its logging stuff

Steve Halligan agent33 at ...269...
Thu Apr 26 16:55:16 EDT 2001


OK...we can only rely on the packet triggering the alert being in p for the
start of the portscan, or so it seems to me.  So, to get this source address
in the source address field in the database we can use the following:
 
 Index: spp_portscan.c
 ===================================================================
 RCS file: /cvsroot/snort/snort/spp_portscan.c,v
 retrieving revision 1.24
 diff -r1.24 spp_portscan.c
 953c953
 <                 CallAlertFuncs(NULL , logMessage, NULL);
 ---
 >                 CallAlertFuncs(p , logMessage, NULL);
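
Review bot: The replacement call at line 953 passes p to CallAlertFuncs with no visible guarantee that this call site is reached only for the start of a portscan, which the message above says is the only case where p can be relied on to hold the triggering packet. Please confirm that line 953 is on the scan-start path only and that p cannot be NULL or stale there, and add a comment at the call stating that p is the packet that triggered the alert. Because this is a plain diff with no context lines, the enclosing function and branch cannot be checked from the patch; resending it as a unified diff would let reviewers verify this.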
 



