Snort mailing list archives

Re: Logs

From: "Josué Souza" <Josue () nexos com br>
Date: Tue, 15 Jul 2003 14:58:35 -0300

I'm a newbie on snort but maybe you should take a look at the flow rule option. It seems that this is used to apply 
rules to only one direction of the traffic. It's in section 2.3.35 of Snort Users Manual.

Best regards,

Josué José Souza Júnior

Nexos Information Security
josue () nexos com br
+55 71 2106-9125
Salvador - Bahia - Brasil

Helder Miguel Rodrigues <crash () frew org> 07/15/03 01:19 >>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello I have my workstation running snort with no probs.
My workstation is directly connected to the internet via eth0!

so I have in my config file:
var HOME_NET $eth0_ADDRESS
var EXTERNAL_NET !$HOME_NET

But in acid it appears  ATTACK RESPONSES 403 and my CHAT MSN messages, 
how can I prevent to log this things?

I just want to log what came from the internet, not what goes to the 
internet.

Thanks a lot

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/FCmuXuDuuXe+pHkRAvS2AKCF/nMjoNfOPcT5Zne9AgJTz3rVegCgnVm2
jqdZRBrC8edooLSgQD6mqws=
=O4Wx
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Logs Helder Miguel Rodrigues (Jul 15)
- Re: Logs Erek Adams (Jul 15)
- <Possible follow-ups>
- Re: Logs Josué Souza (Jul 15)
- Re: Logs Helder Miguel Rodrigues (Jul 15)