[Snort-users] Reducing portscan allerts in logfile
hoagland at ...47...
Sun Apr 8 12:11:47 EDT 2001
At 11:24 AM +0200 4/3/01, Markus Gronlund wrote:
>Is there a way to make the portscan detector silent or only make a
>single message per portscan, not 3 diffrent allert messages,
>PORTSCAN DETECTED, portscan status, End of portscan...
>Running snort in -Afast mode..
If you use SnortSnarf, it will hide these lines from you and quite
likely facilitate you alert analysis to boot.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* http://www.silicondefense.com/ *|
|* Silicon Defense - Technical Support for Snort *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users