Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Alerts with the incorrect Source IP (proxy server)

From: beenph <beenph () gmail com>
Date: Wed, 24 Oct 2012 14:36:20 -0400
On Wed, Oct 24, 2012 at 2:27 PM, Turnbough, Bradley E.
<bturnbough () belcan com> wrote:

Stupid question, but enable_xff doesn’t exist in my snort.conf.  Where does
it go?







From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Wednesday, October 24, 2012 1:10 PM
To: Jeremy Hoel
Cc: Turnbough, Bradley E.; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Alerts with the incorrect Source IP (proxy
server)



If you have additional logging turned on, and your proxy supports it, (and
you have "enable_xff") turned on in the snort.conf we'll log the actual IP
in the additional data in the unified2 file.



Just to clarify something, barnyard2 will process (read) but will not
log EXTRA_DATA events to the database.

-elz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: