[Snort-users] Reducing portscan alerts in logfile

Markus Gronlund markus at ...1727...
Tue Apr 3 06:33:18 EDT 2001


On Tue, 3 Apr 2001, Fyodor wrote:

> On Tue, Apr 03, 2001 at 11:24:43AM +0200, Markus Gronlund wrote:
> > Hello,
> > 
> > Is there a way to make the portscan detector silent or only make a
> > single message per portscan, not 3 different alert messages,
> > PORTSCAN DETECTED, portscan status, End of portscan...
> > 
> > Running snort in -Afast mode.. 
> > 
> 
> You can turn off the portscan detector completely. If you want to
> customize the messages which it gives, you will have to hack the source
> though.

Yes, but I still want the portscan.log file, just not having the
alert-file cluttered with portscan status alerts.
Ok, just thought I should check before making patches to the source,
then that's what I'll do. (what would one do without opensource? :->)

Thanx for the comments!




