Snort mailing list archives

Minimize logging

From: Rinaldi Montessi <rmontessi () yahoo com>
Date: Thu, 3 Jan 2002 22:17:54 -0800 (PST)

Currently all outgoing traffic is being logged; e.g.
http, smtp, news etc.  I want to only log traffic
coming in.  This is a single user machine.  From what
I've read the way to do this is to add the following
to the /etc/snort/local.rules:

pass EXTERNAL_NET any -> any any # this is on eth1
with a cable-modem connection

and add -o to the init script.

Is this correct?  I don't want to defeat the purpose
of the app.

Linux i686, 2.4.16 kernel, snort 1.8 

Rinaldi



__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Minimize logging Rinaldi Montessi (Jan 03)
- Re: Minimize logging Phil Wood (Jan 04)