[Snort-devel] snort feature request

Andreas Krennmair ak at ...896...
Mon Mar 25 05:28:08 EST 2002


Brian wrote:

>According to Andreas Krennmair:
>
>>Would it be possible to implement a commandline switch for snort so that 
>>it throws away all attacks it recognizes and leaves the rest, i.e. all 
>>the regular traffic and unknown attacks.
>>
>
>You mean like a backwards IDS?  You want to only log NON attack
>packets?
>
Yes, and I want to use this in conjunction with -L, so the workaround 
doesn't help. I need this because I have pre- and postprocessors running 
on the data.

Thanks for your help and best regards,
Andreas Krennmair





More information about the Snort-devel mailing list