[Snort-users] Search for UNKNOWN IP in ACID?
jwebster at ...425...
Tue Mar 6 18:19:57 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
I have a large number of alerts in ACID with an IP address of
UNKNOWN. I understand that these are generated from the
preprocessors (port scan, frag detect, etc.) but I can not figure out
how to delete these alerts. Any ideas how to search/delete records
with an UNKNOWN IP field?
Thanks in advance,
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3
-----END PGP SIGNATURE-----
More information about the Snort-users