Snort mailing list archives
Re: snort newbie question
From: Kiira Triea <kiira-t () mail bsasinc org>
Date: Fri, 13 Jul 2001 07:20:54 -0400 (EDT)
Sorry guys, but I've been reading the docs for about two days now and haven't found my answer. All I want to do is log specific alerts to specific text files (i.e. sendmail.alerts or portscan.alert). I'm not trying for binary logging either. I'm running RH 7.1 with the snort-1.7-3.i386.rpm and have tried multiple syntaxes. I know I'm missing something small and probably obvious here. Any suggestions?
Hi, this is easy - you can put a 'logto:"foobar.log";' in the rules you want to log separately. So in smtp.rules add like:

alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP email from Satan"; \
    content:"from:satan () hell org";nocase;logto:"hotmail.log";)

Kiira
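
An added example, not part of the original post and not Snort project code: a small Python audit that parses rule text (backslash continuations and quoted semicolons included) and reports which file each active rule's logto option names, so the per-rule split can be checked before restarting Snort. The two extra rules, their messages and file names are constructed sample input.

```python
import re

# Constructed sample: the rule from the reply plus made-up rules for contrast.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP email from Satan"; \
    content:"from:satan () hell org";nocase;logto:"hotmail.log";)
# alert tcp any any -> any 25 (msg:"disabled"; logto:"off.log";)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP test; with semicolon"; \
    content:"expn root"; nocase; logto:"sendmail.alerts";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET test"; flags:S;)
'''

def join_continuations(text):
    """Merge lines ending in a backslash into one logical rule line."""
    return re.sub(r'\\[ \t]*\r?\n', ' ', text)

def parse_options(body):
    """Split 'key:value;' / 'key;' options, honouring semicolons in quotes."""
    opts, buf, quoted = {}, [], False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            key, _, val = ''.join(buf).strip().partition(':')
            if key:
                opts[key.strip()] = val.strip().strip('"')
            buf = []
        else:
            buf.append(ch)
    return opts

def logto_map(text):
    """Return {msg: logto file or None} for every active (uncommented) rule."""
    result = {}
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = re.match(r'[^(]*\((.*)\)\s*$', line)  # option body between outer parens
        if m:
            opts = parse_options(m.group(1))
            result[opts.get('msg', '<no msg>')] = opts.get('logto')
    return result

if __name__ == '__main__':
    for msg, dest in logto_map(SAMPLE_RULES).items():
        print(f'{msg!r:35} -> {dest or "default alert/log output"}')
```

Rules reported without a logto value keep writing to the default alert and log output.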