No subject


Thu Nov 23 16:36:19 EST 2017


easily see these alerts since they will have a 0 for both unique
source and destination.  Likewise, you can further confirm these alerts
by looking at the alert name (e.g. Mini-Frag) since all those
alerts which generate "Unknown IP fields" are well known.
Select the appropriate alerts and delete them by using the
pre-defined "actions" at the bottom of the screen.  (Note:
deleting from this screen will require ACID 0.9.6b5+).

cheers,
Roman


> I have a large number of alerts in ACID with an IP address of
> UNKNOWN.  I understand that these are generated from the
> preprocessors (port scan, frag detect, etc.) but I can not figure out
> how to delete these alerts.  Any ideas how to search/delete records
> with an UNKNOWN IP field?
> 
> Thanks in advance,
> Jim Webster