[Snort-users] Pre-processor Tuning

Bob Wallis gobroncos at ...3420...
Mon Jan 28 13:24:06 EST 2002


It seems that my snort box is doing a good job of decoding packets with, for
instance, the unidecode pre-processor.  However, all the alerts are with
sources from my network.  Can I tune that somehow?

In rules, it's clear that one defines variables for the source that do not
include one's local network.  Can the same be done for the pre-processors?

I've looked around in confs and docs and I'm not seeing it.

Many thanks,

B





More information about the Snort-users mailing list