[Snort-users] Snort 1.9 problem

Bennett Todd bet at ...6163...
Tue Oct 22 06:18:03 EDT 2002


2002-10-21-16:24:35 Security Admin:
> The problem I am having is it is logging portscans to my database
> from IP's which are in my preprocessor portscan ignore-hosts list.
> [...] I have turned on the new Portscan2 preprocessor, and all the
> alerts from these IP's show as (spp_portscan2). Is there some way
> to exclude IP addresses from the Portscan2 preprocessor, [...]

Thanks to Erek Adams for pointing this out to me; you need:

	preprocessor portscan2-ignorehosts: ...
	                     ^
	                     |

i.e. for the portscan2 preprocessor, the -ignorehosts directive was
renamed to match.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021022/726f7179/attachment.sig>


More information about the Snort-users mailing list