Snort mailing list archives

Re: Snort IDS


From: Jim Campbell <jim () w4bqp net>
Date: Tue, 25 Oct 2016 11:41:49 -0400

Dave,

When you have configured Snort as an IPS you then "tune" the system by determining which of the types of packets being dropped are not a problem. You then enter the Generator ID and SID ID (e.g., 119:19) into the /etc/snort/disablesid.conf file. Snort then stops dropping those types of files.

Hope this helps,

Jim Campbell


On 10/25/2016 2:51 AM, Dave Osbourne wrote:
On my setup there is a log in /var/log/auth.log of the trigger event and the actual packet transgressing is in a .PCAP in /var/log/snort/

So yes, the IDS sensor *can* log the dropped packets, but I understand you can configure it not to...

D

On 2016-10-25 05:13, Murali Krishna wrote:
Hi Team,

Please help me understand the flow of packets in the IDS sensor.
Does the IDS sensor log dropped packets?

Thanks & Regards,
Murali krishna.


------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
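The tuning step described in the thread (see which generator:SID pairs are being dropped, then list the benign ones in /etc/snort/disablesid.conf) can be sketched as below; this is an added example, not code from the thread or from the Snort project. It assumes Snort's "fast" alert format with a `[Drop]` marker on dropped packets and a disablesid.conf that holds `gid:sid` entries, comma-separated or one per line; the log lines and the function names `drop_counts` and `disablesid_entries` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of "fast" alert lines (documentation addresses, not real traffic).
SAMPLE_ALERTS = """\
10/25-02:51:07.120001  [Drop] [**] [119:19:1] (http_inspect) LONG HEADER [**] [Priority: 2] {TCP} 192.0.2.10:51514 -> 198.51.100.7:80
10/25-02:51:09.480112  [Drop] [**] [119:19:1] (http_inspect) LONG HEADER [**] [Priority: 2] {TCP} 192.0.2.11:51620 -> 198.51.100.7:80
10/25-02:52:30.000431  [**] [1:1000001:1] constructed local rule A [**] [Priority: 3] {ICMP} 192.0.2.12 -> 198.51.100.7
10/25-02:53:44.910877  [Drop] [**] [1:1000002:3] constructed local rule B [**] [Priority: 1] {TCP} 203.0.113.5:4444 -> 198.51.100.7:22
"""

# timestamp, optional [Drop], then [gid:sid:rev] and the rule message
ALERT_RE = re.compile(
    r"^\S+\s+(?P<drop>\[Drop\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)

def drop_counts(text):
    """Count dropped packets per 'gid:sid'; alert-only lines are ignored."""
    counts, messages = Counter(), {}
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m and m.group("drop"):
            key = f"{m.group('gid')}:{m.group('sid')}"
            counts[key] += 1
            messages[key] = m.group("msg")
    return counts, messages

def disablesid_entries(approved, counts, existing=""):
    """Entries to append for analyst-approved keys that were actually
    seen dropping and are not already present in disablesid.conf."""
    present = {
        entry.strip()
        for line in existing.splitlines()
        for entry in line.split("#")[0].split(",")
    }
    return [k for k in approved if k in counts and k not in present]

if __name__ == "__main__":
    counts, messages = drop_counts(SAMPLE_ALERTS)
    for key, n in counts.most_common():
        print(f"{n:5d} drops  {key}  {messages[key]}")
    # The analyst reviewed 119:19 and judged it benign on this network.
    for entry in disablesid_entries(["119:19"], counts, existing="# tuned\n1:2000000\n"):
        print("append to disablesid.conf:", entry)
```

An entry in disablesid.conf turns the rule off for all traffic, so the reviewed list should stay limited to signatures confirmed as noise on the monitored network.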


