Snort mailing list archives
Snort Logging Question
From: Jay Hall <jhall () socket net>
Date: Fri, 12 Feb 2010 15:58:44 -0600
This is the first time I have set up Snort, and I am at a complete loss. I am running Snort on the bridge between my company and our parent organization. They have a habit of scanning networks without warning, and I would like to know when this happens.

I have created the local.rules file with a couple of rules. Snort starts without any problems. Unfortunately, all the traffic on the bridge is logged. I would like to only have the traffic which triggers one of the rules in local.rules be logged. I have commented all of the includes, except local.rules, in snort.conf.

Any suggestions would be greatly appreciated.

Thanks for your help.

Jay