Snort mailing list archives
Re: rules difficulty
From: Chris Green <cmg () uab edu>
Date: Sun, 28 Oct 2001 10:11:32 -0600
Greg Sarsons <gsarsons () home com> writes:
I'm having trouble getting my rule to do what I want. It is simple all I want is to log everything from this range ie see what traffic is coming and going from the network. the range is x.117.88.0 to x.117.95.255 I guess my confusion is over getting the correct HOME_NET and EXTERNAL_NET variables.
Try var $HOME_NET 192.117.88.0/20 var $EXTERNAL_NET !$HOME_NET If your goal is to do all traffic, I'd just use something like tcpdump and then use snort to investigate afterwards. -- Chris Green <cmg () uab edu> Fame may be fleeting but obscurity is forever. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules difficulty Greg Sarsons (Oct 28)
- Re: rules difficulty Martin Roesch (Oct 28)
- Re: rules difficulty Greg Sarsons (Oct 28)
- Re: rules difficulty Chris Green (Oct 28)
- How to find Snort pid for log rotate script James (Oct 28)
- Re: How to find Snort pid for log rotate script Erek Adams (Oct 28)
- RE: How to find Snort pid for log rotate script Martijn Heemels (Oct 28)
- How to find Snort pid for log rotate script James (Oct 28)
- <Possible follow-ups>
- Re: rules difficulty Jeremiah Cruit-Salzberg - HQ (Oct 28)
- Re: rules difficulty Martin Roesch (Oct 28)