Snort mailing list archives
Re: snort_inline about logging MACs
From: Ralf Spenneberg <lists () spenneberg org>
Date: Thu, 10 Nov 2005 17:35:27 +0100
Logging the mac address is only possible if the customer is within the collision domain of the snort sensor. As soon as a router is inbetween snort and the customers machine it is impossible. If this precondition is met you can simply use iptables to log the MAC. Ralf Am Donnerstag, den 10.11.2005, 11:43 +0800 schrieb sake:
Hi,all I'm using snort inline as an IPS on a central linux box, from this linux, our customer can login to other inner hosts. I want to log our customer's MAC address as an identification,It seems that snort_inline dose not support this directly, How can I do. Thanks in advance for any directions!
-- Ralf Spenneberg OpenSource Training http://www.opensource-training.de Webereistr. 1 48565 Steinfurt Germany ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort_inline about logging MACs sake (Nov 10)
- Re: snort_inline about logging MACs Ralf Spenneberg (Nov 10)