[Snort-devel] snort feature request

Andreas Krennmair ak at ...896...
Mon Mar 25 05:28:08 EST 2002

Brian wrote:

>According to Andreas Krennmair:
>>Would it be possible to implement a commandline switch for snort so that 
>>it throws away all attacks it recognizes and leaves the rest, i.e. all 
>>the regular traffic and unknown attacks.
>You mean like a backwards IDS?  You want to only log NON attack
Yes, and I want to use this in conjunction with -L, so the workaround 
doesn't help. I need this because I have pre- and postprocessors running 
on the data.

Thanks for your help and best regards,
Andreas Krennmair

More information about the Snort-devel mailing list