Snort mailing list archives

RE: Passing IP Addresses best practices

From: Erek Adams <erek () snort org>
Date: Wed, 24 Sep 2003 11:13:36 -0400 (EDT)

On Tue, 23 Sep 2003, Richard Brackett wrote:

So what's your opinion on Snort management interfaces? Is there such an
animal out there that I can leave Snort untouched as far as rules go and
then filter out the events I don't want after they've reached a
management interface?


Untouched == bad idea.

Tune your rules, that's the best thing.  Use whatever interface you want,
just as long as it works for you.  Once you make rule changes use
something like Oinkmaster to do your rule updates and you should be fine.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Passing IP Addresses best practices Mike Burkhouse (Sep 23)
- Re: Passing IP Addresses best practices Erek Adams (Sep 23)
  - RE: Passing IP Addresses best practices Mike Burkhouse (Sep 23)
    - RE: Passing IP Addresses best practices Erek Adams (Sep 23)
    - RE: Passing IP Addresses best practices Mike Burkhouse (Sep 23)
- <Possible follow-ups>
- RE: Passing IP Addresses best practices Richard Brackett (Sep 23)
  - Re: Passing IP Addresses best practices jon baer (Sep 23)
  - RE: Passing IP Addresses best practices Erek Adams (Sep 24)
  - RE: Passing IP Addresses best practices Mervin Pearce (Sep 25)