Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: logging inbound packets only

From: Dragos Ruiu <dr () kyx net>
Date: Sun, 2 Feb 2003 08:50:54 +0000
On February 2, 2003 07:04 am, njharris wrote:

I have set up a second instance of snort to log packets to a mysql
database.Everything works fine , except it only sees the inbound packets.
The rule is "log any any any -> any any" , I even tried "log tcp $HOME_NET
any -> $EXTERNAL_NET any", and it still only logs outbound packets. This is
the only rule in the rule base. Snort.conf has been deleted of all others.
My $HOME_NET 10.10.10.0/24
$EXTERNAL_NET !$HOME_NET

When the process is cancelled, snort reports that it logged all packets.

Any help is very appreciated,
Nick Harris
CTO
TNS



Huh? You might want to restate this q.

-- 
dr () kyx net   pgp: http://dragos.com/ kyxpgp
http://cansecwest.com



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: