[Snort-users] Hard choice: Preprocessor or Tagging
michael.boman at ...4162...
Mon Sep 2 08:22:02 EDT 2002
On Monday 02 September 2002 22:35, Chris Green wrote:
> Michael Boman <michael.boman at ...4162...> writes:
> > Hi all,
> > Is there any particular reason why preprocessors only get into the
> > 'alert' facility and never get passed on to the 'log' facility?
> Which preprocessor? The only ones that only call alerts are things
> like portscans to my knowledge.
Yup. Portscan is the one. Don't run SPADE and don't see so much stream4
activity anyway, so I wouldn't know.
Is there any way to get tagged packets to have a signature name like 'tagged
packet' or something?
I've hacked the source code of spo_database.c so it ignores the BFP part. It's
an easy hack, but if anyone wants a diff file please let me know.
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)