Snort mailing list archives
Re: Minimize logging
From: Phil Wood <cpw () lanl gov>
Date: Fri, 4 Jan 2002 08:28:30 -0700
On Thu, Jan 03, 2002 at 10:17:54PM -0800, Rinaldi Montessi wrote:
> Currently all outgoing traffic is being logged; e.g. http, smtp, news etc. I want to only log traffic coming in. This is a single user machine. From what I've read the way to do this is to add the following to the /etc/snort/local.rules:
>
> pass EXTERNAL_NET any -> any any # this is on eth1

Outgoing traffic from your single host would be:

    pass ip <your_host_address> any -> any any

where <your_host_address> would be something like

However, I'd just use the -F option and set a filter like:

    dst host <your_host_address> 192.168.1.2

and forget the -o. (I hope I got this one right...)

Later,

> with a cable-modem connection and add -o to the init script. Is this correct? I don't want to defeat the purpose of the app.
>
> Linux i686, 2.4.16 kernel, snort 1.8
>
> Rinaldi
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- Phil Wood, cpw () lanl gov
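
Added example (not part of either post, and not Snort code): a simplified Python model of the two approaches discussed in this thread, run over constructed packets. It assumes every packet that is neither filtered nor passed gets logged, and that EXTERNAL_NET means any address other than the host; `HOST`, `PACKETS` and the function names are made up for the illustration.

```python
import ipaddress

HOST = ipaddress.ip_address("192.168.1.2")  # sample address taken from the reply

# Constructed sample packets: (source, destination, description)
PACKETS = [
    ("192.168.1.2", "203.0.113.10", "outbound http"),
    ("192.168.1.2", "203.0.113.25", "outbound smtp"),
    ("203.0.113.10", "192.168.1.2", "inbound http reply"),
    ("198.51.100.7", "192.168.1.2", "inbound probe"),
]

def bpf_dst_host(pkt, host=HOST):
    """Model of the BPF expression 'dst host <addr>'."""
    return ipaddress.ip_address(pkt[1]) == host

def pass_src_matches(pkt, src_spec, host=HOST):
    """Source side of 'pass ip <src_spec> any -> any any'.
    src_spec is 'HOST' or 'EXTERNAL' (assumed: everything except HOST)."""
    is_host = ipaddress.ip_address(pkt[0]) == host
    return is_host if src_spec == "HOST" else not is_host

def logged(packets, bpf=None, pass_src=None):
    """Descriptions of the packets that still end up in the log.
    bpf: capture filter (-F); pass_src: pass rule evaluated first (-o)."""
    out = []
    for pkt in packets:
        if bpf is not None and not bpf(pkt):
            continue  # dropped at capture time, Snort never sees it
        if pass_src is not None and pass_src_matches(pkt, pass_src):
            continue  # seen by Snort, then ignored by the pass rule
        out.append(pkt[2])
    return out

def compare():
    """Run the same packets through each configuration from the thread."""
    return {
        "no filter": logged(PACKETS),
        "pass EXTERNAL + -o": logged(PACKETS, pass_src="EXTERNAL"),
        "pass HOST + -o": logged(PACKETS, pass_src="HOST"),
        "-F dst host": logged(PACKETS, bpf=bpf_dst_host),
    }

if __name__ == "__main__":
    for name, descriptions in compare().items():
        print(f"{name:20} -> {descriptions}")
```

In the model the `-F` filter and the host pass rule leave the same log, but with `-F` the outbound packets never reach Snort at all, so no other rule can inspect them either.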
Current thread:
- Minimize logging Rinaldi Montessi (Jan 03)
- Re: Minimize logging Phil Wood (Jan 04)