[Snort-devel] snort feature request
ak at ...896...
Mon Mar 25 05:28:08 EST 2002
>According to Andreas Krennmair:
>>Would it be possible to implement a commandline switch for snort so that
>>it throws away all attacks it recognizes and leaves the rest, i.e. all
>>the regular traffic and unknown attacks.
>You mean like a backwards IDS? You want to only log NON attack
Yes, and I want to use this in conjunction with -L, so the workaround
doesn't help. I need this because I have pre- and postprocessors running
on the data.
Thanks for your help and best regards,
More information about the Snort-devel