Snort mailing list archives

Re: Hard choice: Preprocessor or Tagging


From: Michael Boman <michael.boman () securecirt com>
Date: Mon, 2 Sep 2002 23:10:00 +0800

On Monday 02 September 2002 22:35, Chris Green wrote:
> Michael Boman <michael.boman () securecirt com> writes:
>> Hi all,
>>
>> Is there any particular reason why preprocessors only get into the
>> 'alert' facility and never get passed on to the 'log' facility?
>
> Which preprocessor?  The only ones that only call alerts are things
> like portscans to my knowledge.

Yupp. Portscan is the one.. Don't run SPADE and don't see so much stream4 
activity anyway so I wouldn't know.

Is there any way to get tagged packets to have a signature name like 'tagged 
packet' or something?

PS:
 I've hacked the source code of spo_database.c so it ignores the BFP part. It's
an easy hack, but if anyone wants a diff file please let me know.
DS

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com


