Snort mailing list archives

How do I log all traffic other than X and Y


From: Mohamed LRHAZI <mohamed () lrhazi com>
Date: Wed, 4 Jul 2001 15:26:31 -0400

Hi, 

It's me again with another newbie question... sorry.

How do I log all traffic other than ftp and http?

I tried this but it doesn't seem to log anything:

ruletype unknwn
{
 type log
 output log_tcpdump: unknown.log
}

ruletype icmplog
{
 type log
 output log_tcpdump: icmp.log
}


httplog tcp any any -> $badguy 80 (msg: "HTTP_LOG; flags:S;)
unknwn tcp any any -> $badguy :19 (msg: "Unknown_LOG; flags:*;)
unknwn tcp any any -> $badguy 22:79 (msg: "Unknown_LOG; flags:*;)
unknwn tcp any any -> $badguy 81: (msg: "Unknown_LOG; flags:*;)
unknwn udp any any -> $badguy any (msg: "Unknown_LOG; )
icmplog icmp any any -> $badguy any (msg: "ICMP_LOG; )

Thank you very much.
Mohamed~

