configuring snort

[jzorzi () marketlinksolutions com]

I'm trying to set up snort log monitoring and real time alerts.
I've editted the standard snort.conf file.
I've modified the HOME_NET var to the appropriate sets of IP addresses and
left the EXTERNAL_NET to any
 
The thing is that it's logging the local machine in the alert logs.  I'm
guessing the EXTERNAL_NET var is causing this but i don't know what to set
it to.
 
Can anyone give me any insight.  An explanation on how snort uses these
variables would be great too.
 
Thanx in advance for your help
 

Jay Zorzi
Systems Administrator, Information Technology

MarketLink Solutions
see further. achieve more.

e - jzorzi () marketlinksolutions com
t - 416.260.2800 x299
f - 416.260.2893