Re making portscan pre_processor write single line alert in snort

["Vikalp Nagori" <vikalp.nagori () vinciti com>]

The recent ver. of snort uses scan.rules instead of scan-lib, commenting that can generate 2 line alert but I am not at 
all using the portscan preprocessor.

Need to use portscan preprocessor & make it generate single line alert , any inputs ???

Vikalp Nagori






  Hi,

  For each portscan snort generates KBs of alert file, I am trying to make
  portscan pre_processor write single line alert.

  I tried to play around with spp_portscan.c file but could not succeed.
  The snort manual hints to comment scan-lib, but I could not find scan-lib.

  I am using snort-1.8.2 .
  Any suggestions please ..

  Thanks,

  Vikalp Nagori



   Vikalp Nagori