[Snort-users] Snort 1.9 problem
bet at ...6163...
Tue Oct 22 06:18:03 EDT 2002
2002-10-21-16:24:35 Security Admin:
> The problem I am having is it is logging portscans to my database
> from IPs which are in my preprocessor portscan ignore-hosts list.
> [...] I have turned on the new Portscan2 preprocessor, and all the
> alerts from these IPs show as (spp_portscan2). Is there some way
> to exclude IP addresses from the Portscan2 preprocessor, [...]

Thanks to Erek Adams for pointing this out to me; you need:

    preprocessor portscan2-ignorehosts: ...

i.e. for the portscan2 preprocessor, the -ignorehosts directive was
renamed to match.
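
Added example, not part of the original post: a small Python check that reads snort.conf text and reports when a portscan preprocessor is enabled without its own matching -ignorehosts line, or when the two ignore lists differ. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample config (documentation-range addresses), not from the post.
SAMPLE_CONF = """\
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: 192.0.2.10 192.0.2.53
preprocessor portscan2   # enabled, but no ignore list of its own
"""

DIRECTIVE = re.compile(r"^\s*preprocessor\s+([A-Za-z0-9_-]+)\s*(?::\s*(.*))?$")


def parse_preprocessors(conf_text):
    """Return {name: argument string} for each active preprocessor line."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1).lower()] = (m.group(2) or "").strip()
    return found


def check_ignorehosts(conf_text):
    """List mismatches between scan preprocessors and their ignore lists."""
    pre = parse_preprocessors(conf_text)
    pairs = {"portscan": "portscan-ignorehosts",
             "portscan2": "portscan2-ignorehosts"}
    findings = []
    for scanner, ignore in pairs.items():
        if scanner in pre and not pre.get(ignore):
            findings.append(f"{scanner} is enabled but '{ignore}' is not set")
    # Hosts ignored by the old preprocessor but still reported by portscan2.
    old = set(pre.get("portscan-ignorehosts", "").split())
    new = set(pre.get("portscan2-ignorehosts", "").split())
    if "portscan2" in pre and new and old - new:
        missing = " ".join(sorted(old - new))
        findings.append(f"missing from 'portscan2-ignorehosts': {missing}")
    return findings


if __name__ == "__main__":
    for finding in check_ignorehosts(SAMPLE_CONF):
        print("WARNING:", finding)
```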