[Snort-users] Re making portscan pre_processor write single line alert in snort
vikalp.nagori at ...2151...
Sun Jan 6 21:21:02 EST 2002
The recent ver. of snort uses scan.rules instead of scan-lib, commenting that can generate 2 line alert but I am not at all using the portscan preprocessor.
Need to use portscan preprocessor & make it generate single line alert , any inputs ???
For each portscan snort generates KBs of alert file, I am trying to make
portscan pre_processor write single line alert.
I tried to play around with spp_portscan.c file but could not succeed.
The snort manual hints to comment scan-lib, but I could not find scan-lib.
I am using snort-1.8.2 .
Any suggestions please ..
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users