Snort mailing list archives

No logging from localhost?


From: "Whaley, Mike" <mwhaley () rightnow com>
Date: Fri, 3 May 2002 10:10:07 -0600

Here's the scenario...


When accessing the acid web pages from a remote machine, snort picks up on
the viewing of events and logs the event in the database.  The IP logged is
the snort sensor.

Specific Scenario...

Say there are 10 events for the classification kicka$$-porn.  I go and view
those events with the acid interface from a remote machine.  Then snort
picks up on the word "porn" and logs another 20 or so events in the
database.  Now, instead of having 10 events for porn I now have 30 events
with two-thirds of them originating from the sensor.

Is there a way to tell snort NOT to log events that originate from my
sensor?  Is this a good idea or will I cause myself problems in the future?
I imagine this is happening with other events too that I am viewing.  Is
this correct?  Thank you very much for your help.

Mike Whaley
