[Snort-users] Database logging for spp_portscan plugin

Paul Cardon paul at ...26...
Sat Oct 7 00:01:49 EDT 2000


Martin Roesch wrote:
> 
> I've thought for quite some time that the proper thing for the portscan
> preprocessor to do is to log the packet that caused the thing to go off, even
> if it doesn't log all of them.  There's a more than good chance that people
> are going to be interested in this packet at some time... :)

I agree on the option of logging the entire packet that sets off the
trigger.  That is one of the oldest items on my long list of things that
would make RealSecure a useful product.

-paul


