erek at ...577...
Mon Nov 13 23:58:09 EST 2000
Is there any way to get spp_portscan to log packets when they are
flagged as a 'scan'? As it stands now, all I'm getting is the line in
portcan.log. There are many times I _think_ I would like to be able to see
the entire packet that triggered the alarm.
I guess this question really has three parts: Can it be done? Should
it be done? Why not do it?
More information about the Snort-users