Snort mailing list archives
Re: Re[2]: Snort Filtering
From: twig les <twigles () yahoo com>
Date: Tue, 29 Apr 2003 15:30:06 -0700 (PDT)
You may want to log everything for various reasons and I would like that luxury myself, but I would do that on a separate box from the IDS.

--- Michale <michale () pln cc> wrote:
Hello,

OK, it sounds like logging EVERYTHING might not be a wise approach. :^)

I did (and am again) using the newest RULES downloaded from snort.org. So, maybe the approach I am looking is to have it use THAT ruleset, but then put in domains and IPs that I want it to log activity from...

Is that a similar procedure to the one of NOT logging specified domains and IPs??

Michale

Tuesday, April 29, 2003, 6:01:24 PM, you wrote:

ND> Michale <michale () pln cc> wrote asking:

I know how to make SNORT log ALL activity..

ND> This is probably not a good approach because security-related
ND> traffic will get swamped in the noise. If you haven't already,
ND> I suggest you start with the ruleset shipped with the Snort
ND> distribution.

But can I filter out the logging based on IP or DomainName..

ND> Yes, but the subject is a big one and is well covered in the
ND> manual. If you don't have a copy, it's available at the snort
ND> website:

ND> http://www.snort.org

ND> Pay particular attention to what are called "pass" rules as a
ND> means of ignoring traffic from hosts believed to be friendly.

ND> Best regards,

ND> Neil Dickey, Ph.D.
ND> Research Associate/Sysop
ND> Geology Department
ND> Northern Illinois University
ND> DeKalb, Illinois
ND> 60115

--
Best regards,
Michale mailto:michale () pln cc

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.
-----------------------------------------------------------
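
Added example, not part of the original messages: a local rules fragment for the two cases discussed in the thread, ignoring hosts believed to be friendly with "pass" rules and logging everything from selected hosts on top of the stock ruleset. The variable names, the addresses (documentation ranges) and the snort.conf path are constructed for illustration.

```conf
# local.rules: constructed example, included from snort.conf after the
# stock ruleset. All addresses below are documentation ranges.

# Rule headers take IP addresses or CIDR blocks. Snort does not resolve
# host names in them, so a domain has to be resolved to its addresses
# first and those addresses listed here.

# Hypothetical variable names.
var FRIENDLY_HOSTS [192.0.2.10/32,192.0.2.11/32]
var WATCHED_HOSTS [198.51.100.0/24,203.0.113.25/32]

# Ignore traffic to and from hosts believed to be friendly.
# Keep this list narrow: packets matching a pass rule produce no alerts,
# including alerts that would show one of these hosts misbehaving.
pass ip $FRIENDLY_HOSTS any <> any any

# Log every packet to or from the watched hosts, in addition to whatever
# the stock alert rules report about them.
log ip $WATCHED_HOSTS any <> any any

# Rule order matters. By default alert rules are evaluated before pass
# rules, so a packet from a friendly host that matches an alert rule
# still alerts. Starting Snort with -o changes the order to
# pass, alert, log, which is what makes the pass rule above effective:
#
#   snort -o -c /etc/snort/snort.conf      (path is an assumption)
```

The log rule can fill a disk quickly on a busy segment, which is the reason given above for keeping full logging on a box separate from the IDS.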
Current thread:
- Snort Filtering Michale (Apr 29)
- Re: Snort Filtering Matt Kettler (Apr 29)
- <Possible follow-ups>
- Re: Snort Filtering Neil Dickey (Apr 29)
- Re[2]: Snort Filtering Michale (Apr 29)
- Re: Re[2]: Snort Filtering twig les (Apr 29)
- Re[2]: Snort Filtering Michale (Apr 29)
- RE: Snort Filtering L. Christopher Luther (Apr 29)
- Re: Re[2]: Snort Filtering Neil Dickey (Apr 29)