[Snort-users] stream4 preprocessor question
Miller at ...6968...
Mon Sep 23 12:55:02 EDT 2002
ive been reading through the past posts and ive seen how to turn off the stream4 preprocessor, however i want to have it on to detect portscans, but i want to turn off the EVASIVE RST alerts that are being generated.
--begin snip snort.conf---
preprocessor stream4: detect_scans
---end snip snort.conf---
if i was to change the above current entry to this:
preprocessor stream4: detect_scans,noalerts
would that still log the portscans and nothing else or no? i am using snort version 1.8.7-db (Build 128)
More information about the Snort-users