Snort mailing list archives
RE: couple questions
From: "Karen Marino" <kmarino () returncentral com>
Date: Tue, 2 Oct 2001 13:44:31 -0400
Sorry I meant to reply to the group. I have a question about this alert also, is it possible to monitor this rule but exclude port 53 to 53 on only my dns servers? Thanks, Karen -----Original Message----- From: Ilya [mailto:mail () krel org] Sent: Tuesday, October 02, 2001 12:22 AM To: snort-users () lists sourceforge net Subject: [Snort-users] couple questions I have two questions : 1 how can i stop this 10/02-00:15:28.424495 [**] [1:515:2] MISC source port 53 to <1024 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} xx.xx.xx.xx:53 -> xx.xx.xx.xx:53 i run a dns server, so this traffic should be ok. but i still want to be notified about everything else "Potentially Bad". Also in snort.conf I setup : output alert_syslog: LOG_LOCAL5 but nothing goes to the syslog. however everything is logged to usual files. I am running freebsd 4.4 thx _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: couple questions Karen Marino (Oct 02)