Snort mailing list archives
Log questions
From: Phil <foo_bar_00 () yahoo com>
Date: Mon, 6 Aug 2001 00:05:47 -0700 (PDT)
Snort users,

I have some questions about my logs:

For starters I have a directory under /var/log/snortlogs which is my own external IP address. Everything under the directory is one of the following two:

Possible RETRANSMISSION detection [**]
EVASIVE RST detection [**]

I also have directories for INTERNAL addresses (home_net is set to my external address while external_net is set to everything else). I see how this is possible since it's not my home_net, but since I NAT everything with IPFilter, this seems strange. The internal address logs are for the same two things.

So my 2 questions are:

1. Why are there so many of those two kinds of logs? Are they false alarms? Are they bugs?
2. Why are my external address (which is HOME_NET) and even my internal NAT'd address getting in the logs?

Thanks,
Phil