Snort mailing list archives
Re: Logging excessive ICMP from HOME_NET
From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 18 Nov 2002 12:29:18 -0800 (PST)
On Mon, 18 Nov 2002, Albert E. Whale wrote:
I have a considerable amount of ICMP Traffic being logged from ${HOME_NET}. While I recognize that Snort is going to log traffic, I would prefer that it log the ICMP traffic not from the ${DNS_SERVERS}. Is this possible?
Sure is. You basically want to ignore traffic of a certain type from a host(s) or network. If you'll search the archives [0] for 'ignore' [1], you'll find a link [2] that gives you exactly what you want.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0] http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2
[1] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=ignore&q=b
[2] http://www.theadamfamily.net/~erek/snort/ignore.txt
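Two common ways to make Snort ignore ICMP from specific hosts, as an added example that is not part of the original post and not the contents of the linked ignore.txt. The addresses and the /etc/snort/snort.conf path are constructed placeholders.

```snort
# snort.conf fragment (constructed example; addresses are placeholders)
var HOME_NET 192.0.2.0/24
var DNS_SERVERS [192.0.2.53/32,192.0.2.54/32]

# Option 1: pass rule.
# A packet that matches a pass rule is not alerted on or logged by the
# remaining rules. Snort releases of this era test alert rules before
# pass rules, so the pass rule only takes effect when Snort is started
# with -o, which changes the order to pass -> alert -> log:
#   snort -o -c /etc/snort/snort.conf
pass icmp $DNS_SERVERS any -> any any

# Narrower variant: ignore only ICMP destination-unreachable (type 3)
# from the DNS servers and keep every other ICMP type visible.
# pass icmp $DNS_SERVERS any -> any any (itype: 3;)

# Option 2: BPF filter on the command line.
# The packets are discarded at capture time and never reach the decoder,
# preprocessors or rules:
#   snort -c /etc/snort/snort.conf \
#     'not (icmp and (src host 192.0.2.53 or src host 192.0.2.54))'
```

The BPF filter is the cheaper of the two but leaves the sensor blind to all ICMP from those hosts; the pass rule can be scoped with rule options so only the noisy type is suppressed.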