Snort mailing list archives
No logging from localhost?
From: "Whaley, Mike" <mwhaley () rightnow com>
Date: Fri, 3 May 2002 10:10:07 -0600
Here's the scenario... When accessing the acid web pages from a remote machine, snort picks up on the viewing of events and logs the event in the database. The IP logged is the snort sensor. Specific Scenario... Say there is 10 events for the classification kicka$$-porn. I go and view those events with the acid interface from a remote machine. Then snort picks up on the word "porn" and logs another 20 or so events in the database. Now, instead of having 10 events for porn I know have 30 events with a two-thirds of them originating from the sensor. Is there a way to tell snort NOT to log events that originate from my sensor? Is this a good Idea or will I cause myself problems in the future? I imagine this is happening with other events too that I am viewing. Is this correct? Thank you very much for your help. Mike Whaley _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No logging from localhost? Whaley, Mike (May 03)
- Re: No logging from localhost? Erek Adams (May 03)