Snort mailing list archives

Re: Logging excessive ICMP from HOME_NET


From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 18 Nov 2002 12:29:18 -0800 (PST)

On Mon, 18 Nov 2002, Albert E. Whale wrote:

> I have a considerable amount of ICMP Traffic being logged from
> ${HOME_NET}.
>
> While I recognize that Snort is going to log traffic, I would prefer
> that it log the ICMP traffic not from the ${DNS_SERVERS}.  Is this
> possible?

Sure is.  You basically want to ignore traffic of a certain type from a
host(s) or network.

If you'll search the archives [0] for 'ignore' [1], you'll find a link [2]
that gives you exactly what you want.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


[0]     http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2
[1]     http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=ignore&q=b
[2]     http://www.theadamfamily.net/~erek/snort/ignore.txt


