[Snort-users] Reducing portscan alerts in logfile

James Hoagland hoagland at ...47...
Sun Apr 8 12:11:47 EDT 2001


At 11:24 AM +0200 4/3/01, Markus Gronlund wrote:
>Hello,
>
>Is there a way to make the portscan detector silent or only make a
>single message per portscan, not 3 different alert messages,
>PORTSCAN DETECTED, portscan status, End of portscan...
>
>Running snort in -Afast mode..

If you use SnortSnarf, it will hide these lines from you and quite 
likely facilitate your alert analysis to boot.

   http://www.silicondefense.com/snortsnarf/

-- Jim

-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*              http://www.silicondefense.com/              *|
|*      Silicon Defense - Technical Support for Snort       *|
|*  Voice: (530) 756-7317              Fax: (530) 756-7297  *|



