Snort mailing list archives

Snort + ipchains

From: Guillaume <guillaume () anteria fr>
Date: Fri, 30 Nov 2001 16:47:40 +0100 (CET)

Hi.

Does anybody use the -o option of ipchains to capture REJECTed or DENYied 
packets and send its to snort for log or analyse action ? How does it work ? 
(Please send a more detailed answer than just "fine" ! :-))

I would like to enhance my ipchains filter by adding to it this facility: all 
REJECT or DENY packets are logged "à la tcpdump" and post-analyzed by running 
snort.

Thanks.

Guillaume

***********************************
Sent with HORDE/IMP (www.horde.org)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort + ipchains Guillaume (Nov 30)
- Re: Snort + ipchains John Sage (Nov 30)
  - RE: Snort + ipchains Martijn Heemels (Dec 01)
    - Re: Snort + ipchains John Sage (Dec 01)
    - RE: Snort + ipchains Martijn Heemels (Dec 01)
    - Re: Snort + ipchains John Sage (Dec 01)
    - RE: Snort + ipchains Erek Adams (Dec 01)
    - Re: Snort + ipchains Ed Wiget (Dec 01)
  - Re: Snort + ipchains Guillaume (Dec 01)
    - Re: Snort + ipchains John Sage (Dec 01)
    - RE: Snort + ipchains John Berkers (Dec 01)

(Thread continues...)