[Snort-users] Reducing portscan allerts in logfile

Fyodor fygrave at ...121...
Tue Apr 3 05:35:05 EDT 2001


On Tue, Apr 03, 2001 at 11:24:43AM +0200, Markus Gronlund wrote:
> Hello,
> 
> Is there a way to make the portscan detector silent or only make a
> single message per portscan, not 3 diffrent allert messages, 
> PORTSCAN DETECTED, portscan status, End of portscan...
> 
> Running snort in -Afast mode.. 
> 

You can turn off the portscan detector completely. If you want to customize the messages which it gives, you will have to hack the source though.




More information about the Snort-users mailing list