[Snort-users] Hard choice: Preprocessor or Tagging

Michael Boman michael.boman at ...4162...
Mon Sep 2 08:22:02 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 02 September 2002 22:35, Chris Green wrote:
> Michael Boman <michael.boman at ...4162...> writes:
> > Hi all,
> >
> > Is there any particular reason why preprocessors only get into the
> > 'alert' facility and never get passed on to the 'log' facility?
>
> Which preprocessor?  The only ones that only call alerts are things
> like portscans to my knowledge.

Yup. Portscan is the one. Don't run SPADE and don't see so much stream4 
activity anyway, so I wouldn't know.

Is there any way to get tagged packets to have a signature name like 'tagged 
packet' or something?

PS:
 I've hacked the source code of spo_database.c so it ignores the BPF part. It's 
an easy hack, but if anyone wants a diff file please let me know.
DS

Best regards
 Michael Boman

- -- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9c39Nds5fQJiraJwRAsgrAJ9EaRWJETXe47wllelRLji9DKO/OwCg1Z20
ctPtcdnpVUVd6wXK4kOL1+A=
=5kAc
-----END PGP SIGNATURE-----




