Snort mailing list archives

RE: configuring snort


From: "Lee Clemens" <snort () leeclemens net>
Date: Wed, 2 Mar 2005 17:02:35 -0500

I would recommend var EXTERNAL_NET = !HOME_NET

This will force Snort to consider any IP not included in the subnet (or
list) shown as HOME_NET to be considered external and may help stop your
problems. However, I'm not exactly sure what you mean by "logging the local
machine in the alert logs", so it's a little hard to say. Does this mean
it's seeing interactions between your own machines and alerting to it
(obviously you wouldn't want a foreign machine and your own interacting the
way computers on the same network do)?

--Lee

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
jzorzi () marketlinksolutions com
Sent: Tuesday, March 01, 2005 10:24 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] configuring snort

I'm trying to set up snort log monitoring and real time alerts.
I've edited the standard snort.conf file.
I've modified the HOME_NET var to the appropriate sets of IP addresses and
left the EXTERNAL_NET to any

The thing is that it's logging the local machine in the alert logs.  I'm
guessing the EXTERNAL_NET var is causing this but I don't know what to set
it to.

Can anyone give me any insight?  An explanation on how snort uses these
variables would be great too.

Thanks in advance for your help


Jay Zorzi
Systems Administrator, Information Technology

MarketLink Solutions
see further. achieve more.

e - jzorzi () marketlinksolutions com
t - 416.260.2800 x299
f - 416.260.2893 
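
Added example, not part of the original thread and not Snort's own code: a small Python model of how the address part of a rule header such as `$EXTERNAL_NET any -> $HOME_NET any` is evaluated, comparing `var EXTERNAL_NET any` with the snort.conf form of the suggestion, `var EXTERNAL_NET !$HOME_NET`. The networks, packets and function names are constructed for illustration, and only the source and destination address checks are modelled.

```python
import ipaddress

def parse_var(value, variables):
    """Resolve a Snort-style address value to (negated, networks); networks=None means 'any'."""
    value = value.strip()
    negated = value.startswith("!")
    if negated:
        value = value[1:]
    if value.startswith("$"):                      # reference to another variable
        inner_neg, nets = parse_var(variables[value[1:]], variables)
        return (negated != inner_neg, nets)
    if value == "any":
        return (negated, None)
    items = value.strip("[]").split(",")           # flat list like [a/24,b/8]
    return (negated, [ipaddress.ip_network(i.strip()) for i in items])

def addr_matches(ip, value, variables):
    """True if ip satisfies the (possibly negated) address specification."""
    negated, nets = parse_var(value, variables)
    if nets is None:
        return True
    inside = any(ipaddress.ip_address(ip) in n for n in nets)
    return inside != negated

def header_matches(src, dst, variables):
    """Model the addresses of a rule header: $EXTERNAL_NET any -> $HOME_NET any."""
    return (addr_matches(src, "$EXTERNAL_NET", variables)
            and addr_matches(dst, "$HOME_NET", variables))

# Constructed sample configuration and traffic (hypothetical addresses).
HOME = "[192.168.1.0/24,10.0.0.0/8]"
AS_POSTED = {"HOME_NET": HOME, "EXTERNAL_NET": "any"}         # var EXTERNAL_NET any
SUGGESTED = {"HOME_NET": HOME, "EXTERNAL_NET": "!$HOME_NET"}  # var EXTERNAL_NET !$HOME_NET
PACKETS = [("192.168.1.10", "192.168.1.20"),   # local -> local
           ("10.2.3.4", "192.168.1.20"),       # local -> local, other home subnet
           ("203.0.113.7", "192.168.1.20"),    # outside -> local
           ("192.168.1.10", "203.0.113.7")]    # local -> outside

def matched(variables):
    """Return the (src, dst) pairs whose addresses satisfy the modelled rule header."""
    return [p for p in PACKETS if header_matches(*p, variables)]

if __name__ == "__main__":
    for name, cfg in (("EXTERNAL_NET any", AS_POSTED), ("EXTERNAL_NET !$HOME_NET", SUGGESTED)):
        print(name, "->", matched(cfg))
```

With `!$HOME_NET`, rules written against `$EXTERNAL_NET` no longer fire on traffic between two home addresses, which removes the local-machine alerts but also means those rules will not flag one internal host attacking another.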

 



