[Snort-users] Re making portscan pre_processor write single line alert in snort

Vikalp Nagori vikalp.nagori at ...2151...
Sun Jan 6 21:21:02 EST 2002


The recent ver. of snort uses scan.rules instead of scan-lib, commenting that can generate 2 line alert but I am not at all using the portscan preprocessor.

Need to use portscan preprocessor & make it generate single line alert , any inputs ???

Vikalp Nagori






  Hi,

  For each portscan snort generates KBs of alert file, I am trying to make
  portscan pre_processor write single line alert.

  I tried to play around with spp_portscan.c file but could not succeed.
  The snort manual hints to comment scan-lib, but I could not find scan-lib.

  I am using snort-1.8.2 .
  Any suggestions please ..

  Thanks,

  Vikalp Nagori



   Vikalp Nagori

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020106/cc8ead76/attachment.html>


More information about the Snort-users mailing list