Snort mailing list archives

Re: Snort Filtering


From: Neil Dickey <neil () geol niu edu>
Date: Tue, 29 Apr 2003 17:01:24 -0500 (CDT)


Michale <michale () pln cc> wrote asking:

> I know how to make SNORT log ALL activity..

This is probably not a good approach because security-related
traffic will get swamped in the noise.  If you haven't already,
I suggest you start with the ruleset shipped with the Snort
distribution.

> But can I filter out the logging based on IP or Domain Name..

Yes, but the subject is a big one and is well covered in the
manual.  If you don't have a copy, it's available at the snort
website:

  http://www.snort.org

Pay particular attention to what are called "pass" rules as a
means of ignoring traffic from hosts believed to be friendly.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
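
An added example, not part of the message above or of the Snort distribution, showing the "pass" rule approach it recommends for Snort releases of that period. The variable name FRIENDLY_HOSTS, the addresses (documentation ranges) and the file paths are assumptions.

```conf
# local.rules (constructed example; addresses are documentation placeholders)

# Rule headers take IP addresses or CIDR blocks, not domain names:
# resolve the name yourself and list the resulting addresses here.
var FRIENDLY_HOSTS [192.0.2.10/32,198.51.100.0/24]

# Ignore all IP traffic between the trusted hosts and anything else.
# "<>" matches both directions, so replies are ignored as well.
pass ip $FRIENDLY_HOSTS any <> any any

# Narrower alternative: ignore only one service on one host, so that
# every other packet from that host is still inspected.
# pass tcp 192.0.2.10/32 any -> any 80

# Rule order matters. Snort versions of this era evaluate rules as
# Alert -> Pass -> Log by default, so an alert rule that matches the
# same packet fires before the pass rule is consulted. Start Snort
# with -o to evaluate Pass -> Alert -> Log instead:
#
#   snort -o -c /etc/snort/snort.conf
#
# Keep pass rules as narrow as possible: anything they match is never
# seen by the alert rules, including traffic from a trusted host that
# has since been compromised.
```

The stock ruleset stays in place; the pass rules only carve out the friendly hosts.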



