Thu Nov 23 16:36:19 EST 2017
easily see these alerts since they will have a 0 for both unique
source and destination. Likewise, you can further confirm these alerts
by looking at the alert name (e.g. Mini-Frag) since all those
alerts which generate "Unknown IP fields" are well known.
Select the appropriate alerts and delete them by using the
pre-defined "actions" at the bottom of the screen. (Note:
deleting from this screen will require ACID 0.9.6b5+).
> I have a large number of alerts in ACID with an IP address of
> UNKNOWN. I understand that these are generated from the
> preprocessors (port scan, frag detect, etc.) but I can not figure out
> how to delete these alerts. Any ideas how to search/delete records
> with an UNKNOWN IP field?
> Thanks in advance,
> Jim Webster