Snort mailing list archives

Snort Logging Question


From: Jay Hall <jhall () socket net>
Date: Fri, 12 Feb 2010 15:58:44 -0600

This is the first time I have set up Snort, and I am at a complete  
loss.  I am running Snort on the bridge between my company and our  
parent organization.  They have a habit of scanning networks without  
warning and I would like to know when this happens.

I have created the local.rules file with a couple of rules.  Snort  
starts without any problems.

Unfortunately, all the traffic on the bridge is logged.  I would like  
to only have the traffic which triggers one of the rules in  
local.rules be logged.

I have commented all of the includes, except local.rules, in snort.conf.

Any suggestions would be greatly appreciated.

Thanks for your help.


Jay
