[Snort-users] reducing number of alerts in the portscan.log file

jlarsson at ...10160...
Mon Sep 29 15:14:05 EDT 2003


I use the portscan preprocessor to detect portscans. It generates thousands of alerts
when I, for example, run the following command:
    nmap -sT 192.168.2.0/24
    preprocessor portscan: $EXTERNAL_NET 4 3 portscan.log

This quickly makes the portscan.log file grow uncontrollably big. I don't want to use
too much disk space. Is it possible to do what snortsnarf does (show what kind of
portscan was made and how many times it has been made) through portscan or
portscan2 directly, and thus save disk space?
 
/Johan Larsson 
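
The kind of summary the post asks for (scan type and how often it occurred), sketched as a post-processing step over portscan.log. This is an added example, not part of the original post and not Snort code. The line layout (`Mon DD HH:MM:SS src:port -> dst:port TYPE flags`) is an assumption about the log format, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample entries; the layout is an assumption about portscan.log.
SAMPLE = """\
Sep 29 15:14:05 192.168.2.10:40112 -> 192.168.2.1:22 SYN ******S*
Sep 29 15:14:05 192.168.2.10:40113 -> 192.168.2.1:80 SYN ******S*
Sep 29 15:14:06 192.168.2.10:40114 -> 192.168.2.2:22 SYN ******S*
Sep 29 15:14:09 192.168.2.77:53 -> 192.168.2.3:53 UDP
Sep 29 15:14:11 192.168.2.10:40115 -> 192.168.2.2:443 FIN *******F
this line is truncated
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<src>[\d.]+):\d+\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<kind>\S+)"
)

def summarize(lines):
    """Collapse per-packet entries into one record per (source, scan type)."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "ports": set(),
                                  "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            if line.strip():
                skipped += 1          # count malformed lines, do not drop silently
            continue
        g = groups[(m["src"], m["kind"])]
        g["count"] += 1
        g["hosts"].add(m["dst"])
        g["ports"].add(int(m["dport"]))
        g["first"] = g["first"] or m["ts"]   # the log is written in time order
        g["last"] = m["ts"]
    return dict(groups), skipped

def report(groups):
    """One line per source and scan type, busiest first."""
    rows = sorted(groups.items(), key=lambda kv: -kv[1]["count"])
    return [f"{src} {kind}: {g['count']} entries, {len(g['hosts'])} hosts, "
            f"{len(g['ports'])} ports, {g['first']} to {g['last']}"
            for (src, kind), g in rows]

if __name__ == "__main__":
    groups, skipped = summarize(SAMPLE.splitlines())
    print("\n".join(report(groups)))
    print(f"unparsed lines: {skipped}")
```
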



