Snort mailing list archives
Clarification of inbound only logging issue.
From: "njharris" <njharris () mindspring com>
Date: Sun, 2 Feb 2003 12:49:26 -0600
O.K. Thanks. It was 1:30 A.M. and I'm a little tired. This should be a little clearer. I have set up a second instance of snort to log packets to a mysql database.Everything works fine , except it only sees the inbound packets. The rule is "log any any any -> any any" , I even tried "log tcp $HOME_NET any -> $EXTERNAL_NET any", and it still only logs inbound packets. This is the only rule in the rule base. Snort.conf has been deleted of all others. My $HOME_NET 10.10.10.0/24 $EXTERNAL_NET !$HOME_NET When the process is cancelled, snort reports that it logged all packets. Any help is very appreciated, Nick Harris CTO TNS
Current thread:
- Clarification of inbound only logging issue. njharris (Feb 02)
- Re: Clarification of inbound only logging issue. Erick Mechler (Feb 02)