Snort mailing list archives
Re: Snort Logging Question
From: Jay Hall <jhall () socket net>
Date: Fri, 12 Feb 2010 16:14:58 -0600
On Feb 12, 2010, at 4:02 PM, Joel Esler wrote:
Can you give us an example of what is logged that you don't want logged? That way we can help you in turning it off. J
Here is an example of what is logged.

[**] [116:58:1] (snort_decoder): Experimental Tcp Options found [**]
[Priority: 3]
02/12-15:50:24.602618 0:11:92:FA:93:80 -> 0:B0:D0:D1:F3:AF type:0x800 len:0x4A
172.16.8.11:3733 -> 10.129.10.41:389 TCP TTL:124 TOS:0x0 ID:54890 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1BF88BDC Ack: 0x0 Win: 0xFAF0 TcpLen: 40
TCP Options (7) => MSS: 1460 NOP NOP SackOK Opt 76 (8): 0101 AC10 080C 0005 NOP EOL

I am starting Snort using the following:

./snort -c /usr/local/snort/etc/snort/snort.conf -de -N -l /var/log/snort -d

Thanks for your help.

Jay