Snort mailing list archives

reducing number of alerts in the portscan.log file


From: jlarsson () altavoz net
Date: Mon, 29 Sep 2003 18:12:47 -0400 (CLT)

I use the portscan preprocessor to detect portscans. It generates thousands of alerts
when I, for example, run the following command:
nmap -sT 192.168.2.0/24 
preprocessor portscan: $EXTERNAL_NET 4 3 portscan.log 
 
This quickly makes the portscan.log file grow uncontrollably big. I don't want to use
too much disk space. Is it possible to do what snortsnarf does (show what kind of
portscan was made and how many times it has been made) through portscan or
portscan2 directly, and thus save disk space?
 
/Johan Larsson 

