[Snort-users] stream4 preprocessor question
Miller at ...6968...
Mon Sep 23 15:14:03 EDT 2002
i attempted to use this in my snort.conf file:
preprocessor stream4: detect_scans,noalerts
but it is still logging all of those EVASIVE RST alerts and driving me nuts, i still want to use stream4 for the portscan logging, is there any way to do this?
> -----Original Message-----
> From: Miller, Eoin
> Sent: Monday, September 23, 2002 3:54 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] stream4 preprocessor question
> ive been reading through the past posts and ive seen how to
> turn off the stream4 preprocessor, however i want to have it
> on to detect portscans, but i want to turn off the EVASIVE
> RST alerts that are being generated.
> --begin snip snort.conf---
> preprocessor stream4: detect_scans
> ---end snip snort.conf---
> if i was to change the above current entry to this:
> preprocessor stream4: detect_scans,noalerts
> would that still log the portscans and nothing else or no? i
> am using snort version 1.8.7-db (Build 128)
More information about the Snort-users