Snort mailing list archives

Re: Snort Logging Question


From: Jay Hall <jhall () socket net>
Date: Fri, 12 Feb 2010 16:14:58 -0600


On Feb 12, 2010, at 4:02 PM, Joel Esler wrote:

> Can you give us an example of what is logged that you don't want
> logged?  That way we can help you in turning it off.
>
> J

Here is an example of what is logged.

[**] [116:58:1] (snort_decoder): Experimental Tcp Options found [**]
[Priority: 3]
02/12-15:50:24.602618 0:11:92:FA:93:80 -> 0:B0:D0:D1:F3:AF type:0x800 len:0x4A
172.16.8.11:3733 -> 10.129.10.41:389 TCP TTL:124 TOS:0x0 ID:54890 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1BF88BDC  Ack: 0x0  Win: 0xFAF0  TcpLen: 40
TCP Options (7) => MSS: 1460 NOP NOP SackOK Opt 76 (8): 0101 AC10 080C 0005  NOP EOL

I am starting Snort using the following:

./snort -c /usr/local/snort/etc/snort/snort.conf -de -N -l /var/log/snort -d

Thanks for your help.


Jay
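As an added example (not part of the thread or of Snort itself), here is a small Python parser for the "full" alert format shown above. It pulls out gid:sid:rev, priority, endpoints and the raw bytes of any unknown TCP option, so decoder alerts (generator id 116, which are protocol-anomaly notices rather than signature hits) can be triaged separately when reviewing the log. The alert text is constructed from the one quoted in the post.

```python
import re

# Constructed sample: the snort_decoder alert quoted in the post, unwrapped.
SAMPLE_LOG = """\
[**] [116:58:1] (snort_decoder): Experimental Tcp Options found [**]
[Priority: 3]
02/12-15:50:24.602618 0:11:92:FA:93:80 -> 0:B0:D0:D1:F3:AF type:0x800 len:0x4A
172.16.8.11:3733 -> 10.129.10.41:389 TCP TTL:124 TOS:0x0 ID:54890 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1BF88BDC  Ack: 0x0  Win: 0xFAF0  TcpLen: 40
TCP Options (7) => MSS: 1460 NOP NOP SackOK Opt 76 (8): 0101 AC10 080C 0005  NOP EOL
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")
ENDPOINT_RE = re.compile(r"^(\S+?):(\d+) -> (\S+?):(\d+) (TCP|UDP)")
# "Opt <kind> (<len>): <hex words>" is how Snort prints an option it does not name.
UNKNOWN_OPT_RE = re.compile(r"Opt (\d+) \((\d+)\):((?: [0-9A-Fa-f]{2,4})+)")

DECODER_GID = 116  # generator id of snort_decoder alerts


def parse_alerts(text):
    """Split 'full' alert output into blank-line separated records and parse each."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not an alert header; skip the block
        rec = {"gid": int(m.group(1)), "sid": int(m.group(2)),
               "rev": int(m.group(3)), "msg": m.group(4), "unknown_opts": []}
        for line in lines[1:]:
            if (p := PRIORITY_RE.search(line)):
                rec["priority"] = int(p.group(1))
            elif (e := ENDPOINT_RE.match(line)):
                rec["src"], rec["sport"] = e.group(1), int(e.group(2))
                rec["dst"], rec["dport"] = e.group(3), int(e.group(4))
                rec["proto"] = e.group(5)
            for u in UNKNOWN_OPT_RE.finditer(line):
                data = bytes.fromhex(u.group(3).replace(" ", ""))
                rec["unknown_opts"].append((int(u.group(1)), int(u.group(2)), data))
        alerts.append(rec)
    return alerts


def is_decoder_alert(rec):
    """True for gid 116 records, i.e. decoder anomalies rather than rule matches."""
    return rec["gid"] == DECODER_GID
```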
