Snort mailing list archives
RE: loghog question
From: "Miller, Eoin" <Miller () fhlb-of com>
Date: Mon, 7 Oct 2002 13:25:42 -0400
From the loghog.conf file regarding the ignore_host file entries:

###################################################################
#
# Ignore File:
#
# This is simply the file that you deposit ips/classes that you don't wish to block.
# Its quite important that you make sure this file is correct so you don't go about DOSing
# yourself! It should be noted that this does not disable alerting as it is informative to
# know if something is happening on one of your hosts so you just don't want to cut it off.
###################################################################

If I were you, I'd just try tweaking the Snort alerts so that they aren't set off by the servers that you don't want to be notified about.

eoin

-----Original Message-----
From: Matthew Harrell [mailto:mhar () plex com]
Sent: Monday, October 07, 2002 1:00 PM
To: snort-users mailing list
Subject: [Snort-users] loghog question

Not sure if this is an appropriate list for a loghog question, but I can't find any online resources for issues with loghog (other than e-mailing the author).

I'm running Snort 1.8.7 on Mandrake Linux 9.0 with loghog 0.1. I have several entries in my loghog "ignore_hosts" file. One node is giving me constant false alarms, and I'm trying to get loghog to quit sending me e-mails about it. However, even with the entry in ignore_hosts, I'm still getting the e-mails. I've killed and restarted loghog, but I'm still getting those darn e-mails.

Any suggestions from other loghog users?

-----------------
Matt Harrell
Plexus Systems
mhar () plex com

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users