[Snort-users] Reducing portscan allerts in logfile
markus at ...1727...
Tue Apr 3 06:33:18 EDT 2001
On Tue, 3 Apr 2001, Fyodor wrote:
> On Tue, Apr 03, 2001 at 11:24:43AM +0200, Markus Gronlund wrote:
> > Hello,
> > Is there a way to make the portscan detector silent or only make a
> > single message per portscan, not 3 diffrent allert messages,
> > PORTSCAN DETECTED, portscan status, End of portscan...
> > Running snort in -Afast mode..
> You can turn off the portscan detector completely. If you want to
> customize the messages which it gives, you will have to hack the source
Yes, but I still want the portscan.log file, just not having the
alert-file clutterd with portscan status alerts.
Ok, just tought I should check before making patches to the source,
then thats what Ill do. (what would one do without opensource? :->)
Thanx for the comments!
More information about the Snort-users