Snort mailing list archives

Re[2]: Snort Filtering


From: Michale <michale () pln cc>
Date: Tue, 29 Apr 2003 18:11:48 -0400

Hello,

OK, it sounds like logging EVERYTHING might not be a wise approach.
:^)

I was (and am again) using the newest RULES downloaded from snort.org.

So, maybe the approach I am looking for is to have it use THAT ruleset,
but then put in domains and IPs that I want it to log activity from...

Is that a similar procedure to the one of NOT logging specified
domains and IPs??


                   Michale


                   


Tuesday, April 29, 2003, 6:01:24 PM, you wrote:


ND> Michale <michale () pln cc> wrote asking:

 I know how to make SNORT log ALL activity..

ND> This is probably not a good approach because security-related
ND> traffic will get swamped in the noise.  If you haven't already,
ND> I suggest you start with the ruleset shipped with the Snort
ND> distribution.

 But can I filter out the logging based on IP or Domain Name..

ND> Yes, but the subject is a big one and is well covered in the
ND> manual.  If you don't have a copy, it's available at the snort
ND> website:

ND>   http://www.snort.org

ND> Pay particular attention to what are called "pass" rules as a
ND> means of ignoring traffic from hosts believed to be friendly.

ND> Best regards,

ND> Neil Dickey, Ph.D.
ND> Research Associate/Sysop
ND> Geology Department
ND> Northern Illinois University
ND> DeKalb, Illinois
ND> 60115



--

 
Best regards,
 Michale                            mailto:michale () pln cc



