Snort mailing list archives
Re: Alerts with the incorrect Source IP (proxy server)
From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 24 Oct 2012 18:42:10 +0000
Check that out.. learned something new. I don't have that value in my conf either but that's something worth looking at. On Oct 24, 2012 12:38 PM, "beenph" <beenph () gmail com> wrote:
On Wed, Oct 24, 2012 at 2:27 PM, Turnbough, Bradley E. <bturnbough () belcan com> wrote:Stupid question, but enable_xff doesn’t exist in my snort.conf. Wheredoesit go? From: Joel Esler [mailto:jesler () sourcefire com] Sent: Wednesday, October 24, 2012 1:10 PM To: Jeremy Hoel Cc: Turnbough, Bradley E.; snort-users () lists sourceforge net Subject: Re: [Snort-users] Alerts with the incorrect Source IP (proxy server) If you have additional logging turned on, and your proxy supports it,(andyou have "enable_xff") turned on in the snort.conf we'll log the actualIPin the additional data in the unified2 file.Just to clarify something, barnyard2 will process (read) but will not log EXTRA_DATA events to the database. -elz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Alerts with the incorrect Source IP (proxy server) Turnbough, Bradley E. (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Jeremy Hoel (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Joel Esler (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Turnbough, Bradley E. (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) beenph (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Jeremy Hoel (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Eric G (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Heine Lysemose (Oct 25)
- Re: Alerts with the incorrect Source IP (proxy server) beenph (Oct 25)
- Re: Alerts with the incorrect Source IP (proxy server) Heine Lysemose (Oct 25)
- Re: Alerts with the incorrect Source IP (proxy server) Joel Esler (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Jeremy Hoel (Oct 24)
- Re: Alerts with the incorrect Source IP (proxy server) Bamm Visscher (Oct 25)
- Re: Alerts with the incorrect Source IP (proxy server) Joel Esler (Oct 25)
- Re: Alerts with the incorrect Source IP (proxy server) Jason Haar (Oct 25)