[Snort-users] How config Preprocessor (other than the portscan PP) to ignore c ertain hosts?

Brad.Watkins at ...9078... Brad.Watkins at ...9078...
Thu May 1 08:03:08 EDT 2003


I am running Nessus on the same subnet as my RH 7.3 box that is running
Snort 2.0 (W/SQL) and ACID.  Every time I do an audit from Nessus it floods
the logs with alerts.  I understand how to ignore hosts for the portscan
preprocessors, but how do I get the other preprocessors to ignore a host or
hosts?  Stream4 is the biggest problem as it shows all the stealth scans
that Nesses is performing.  As I understand it writing rules will not due
this as the preprocessors are acting before rules are applied.

Any help would be appreciated.

Thanks, 
Brad





More information about the Snort-users mailing list