Snort mailing list archives

Re: snort_inline about logging MACs

From: Ralf Spenneberg <lists () spenneberg org>
Date: Thu, 10 Nov 2005 17:35:27 +0100

Logging the mac address is only possible if the customer is within the
collision domain of the snort sensor. As soon as a router is inbetween
snort and the customers machine it is impossible. 
If this precondition is met you can simply use iptables to log the MAC.

Ralf

Am Donnerstag, den 10.11.2005, 11:43 +0800 schrieb sake:

Hi,all

    I'm using snort inline as an IPS on a central linux box, from this
linux, our customer can login  to other inner hosts.
I want to log our customer's MAC address as an identification,It seems
that snort_inline dose not support this directly,
How can I do.   Thanks in advance for any directions!

-- 
Ralf Spenneberg
OpenSource Training                     http://www.opensource-training.de
Webereistr. 1                           48565 Steinfurt           Germany




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort_inline about logging MACs sake (Nov 10)
- Re: snort_inline about logging MACs Ralf Spenneberg (Nov 10)