Snort mailing list archives

Re: Snort logging way too much

From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 13 Feb 2004 21:04:45 -0500

We need more info, please check out the BUGS file in the doc directoryof your Snort distro.


    -Marty

On Feb 13, 2004, at 7:25 PM, Ochronus wrote:

Hi!
I have a hosted server with a fix IP address. I set $HOME_NET to thisaddress, tried turning on and off promiscuous mode, still snort logsmany packets sent to foreing machines, even to ones hosted triviallyat other subnets.
Given the above layout (single server, no LAN attached, fix ip), couldyou give me some hints on configuring the pig for rule-based loggingthe packets sent only TO MY machine?
Thanks in advance,
Ochronus



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort logging way too much Ochronus (Feb 13)
- Re: Snort logging way too much Martin Roesch (Feb 13)
  - Re[2]: Snort logging way too much Ochronus (Feb 13)
    - Message not available
    - Re[2]: Snort logging way too much Ochronus (Feb 15)
    - Block Israel_Guadalupe_Lopez_Mascorro . . /Administracion/Jalisco (Feb 16)
    - Message not available
    - Re: Block Matt Kettler (Feb 16)
    - Re: Block Paul Schmehl (Feb 16)
    - Re: Block Frank Knobbe (Feb 16)
    - Re: Block Paul Schmehl (Feb 16)
    - Re: Block Frank Knobbe (Feb 16)
    - Re: Block Brian (Feb 16)
    - Re: Block Matt Kettler (Feb 17)