Snort mailing list archives

RE: Viewing ACID set's off P..O..R..N rules ...


From: "Scott Renna" <srenna () d-a-s com>
Date: Mon, 21 Jul 2003 17:13:06 -0400

You forgot to add the word "host" before your IP.


***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 

-----Original Message-----
From: Jason Whitson [mailto:jason () visionxtreme net] 
Sent: Monday, July 21, 2003 5:13 PM
To: Scott Renna; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


So ...

/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf not \
172.16.1.172:80 ?

Because that didn't work. Do I surround my IP in ( ) ... ?


- Jason


----- Original Message -----
From: "Scott Renna" <srenna () d-a-s com>
To: "'Jason Whitson'" <jason () visionxtreme net>;
<snort-users () lists sourceforge net>
Sent: Monday, July 21, 2003 3:32 PM
Subject: RE: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


Try this from 7/8:

Bryan Irvine <bryan.irvine () kingcountyjournal com> writes:

Is there a way to get snort to skip over IPs?  I keep tripping the 
porno alerts whenever I view someone else's porno log in acid.  I'd 
like for it to not log my IP.

The easiest way is to do a BPF filter on the snort command line:

snort <args> not \( host <ip> and port 80 \)
--
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx



***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason 
Whitson
Sent: Monday, July 21, 2003 4:24 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


Well, today I decided to turn on the P..O..R..N ruleset to see if 
anyone here wasn't working on ... work.

Much to my surprise, ACID "blew up" with Rule violations. This is 
great and all but when I view the rule violations in the ACID console 
and refresh to see the latest, all the rules that were listed get 
relisted because I was viewing them!

Is there a way to exclude the machine I use to view the ACID console 
from the rules? I would hate to have to explain the rule 
violations from my workstation. Even though the source IP is the box 
running snort ...

- Jason



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single 
machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
machines at the same time. Free trial click here: 
http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
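
An added example, not part of the original thread or of Snort: a shell helper that builds the `not ( host <ip> and port 80 )` filter discussed above and goes one step further by also requiring the ACID server as the other endpoint, so only console traffic is excluded rather than all of the workstation's port-80 traffic. The ACID address 172.16.1.10 and the function names are assumptions.

```shell
# Added example, not from the thread. 172.16.1.10 (ACID server) is constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: build_filter ACID_IP PORT VIEWER_IP [VIEWER_IP ...]
# Prints: not ( ( host V1 or host V2 ... ) and host ACID_IP and port PORT )
build_filter() {
    [ "$#" -ge 3 ] || { echo "usage: build_filter ACID_IP PORT VIEWER_IP..." >&2; return 1; }
    acid=$1; port=$2; shift 2
    is_ipv4 "$acid" || { echo "bad ACID address: $acid" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    viewers=
    for v in "$@"; do
        # Rejects host:port forms such as 172.16.1.172:80; the port belongs
        # in its own "port" term of the BPF expression.
        is_ipv4 "$v" || { echo "bad viewer address: $v" >&2; return 1; }
        viewers="${viewers:+$viewers or }host $v"
    done
    printf 'not ( ( %s ) and host %s and port %s )\n' "$viewers" "$acid" "$port"
}

# Passed as one quoted argument, the parentheses need no backslashes:
#   /usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf \
#       "$(build_filter 172.16.1.10 80 172.16.1.172)"
```

Traffic matched by the exclusion is never inspected by Snort, so keep the viewer list short and the filter as narrow as the console setup allows.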




