[Snort-users] Hard choice: Preprocessor or Tagging
cmg at ...1935...
Mon Sep 2 08:55:34 EDT 2002
[ please obey Reply-to: ]
Michael Boman <michael.boman at ...4162...> writes:
>> Which preprocessor? The only ones that only call alerts are things
>> like portscans to my knowledge.
We could log the packet as well; it doesn't make a lot of sense out of
context, but it is doable.
> Yup. Portscan is the one. Don't run SPADE and don't see so much stream4
> activity anyway, so I wouldn't know.
> Is there any way to get tagged packets to have a signature name like 'tagged
> packet' or something?
I don't know about the database output plugin. They are meant to be
logged based off the event id that triggered them.
> I've hacked the source code of spo_database.c so it ignores the BFP part. It's
> an easy hack, but if anyone wants a diff file please let me know.
Make it an option in the output line and I'll include it.
Chris Green <cmg at ...1935...>
This is my signature. There are many like it but this one is mine.