Pre-processor Tuning

["Bob Wallis" <gobroncos () chartermi net>]

It seems that my snort box is doing a good job of decoding packets with, for
instance, the unidecode pre-processor.  However, all the alerts are with
sources from my network.  Can I tune that somehow?

In rules, it's clear that one defines variables for the source that do not
include one's local network.  Can the same be done for the pre-processors?

I've looked around in confs and docs and I'm not seeing it.

Many thanks,

B


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users