Snort mailing list archives

Re: New to snort


From: "Bruno Gimenes Pereti" <pereti () ump edu br>
Date: Tue, 2 Oct 2001 09:18:45 -0300

Hi Johnno,

If the problem is the log, use this configuration in Apache to stop logging
these attempts. It's from Scott from the linuxsecurity list.

SetEnvIfNoCase Request_URI "^/scripts/"  nolog
SetEnvIfNoCase Request_URI "^/msadc/"    nolog
SetEnvIfNoCase Request_URI "^/_vti_bin/" nolog
SetEnvIfNoCase Request_URI "^/_mem_bin/" nolog
SetEnvIfNoCase Request_URI "^/c/winnt/"  nolog
SetEnvIfNoCase Request_URI "^/d/winnt/"  nolog
SetEnvIfNoCase Request_URI "^/default.ida" nolog
Redirect gone /scripts/
Redirect gone /msadc/
Redirect gone /_vti_bin/
Redirect gone /_mem_bin/
Redirect gone /c/winnt/
Redirect gone /d/winnt/
Redirect gone /default.ida

Now add "env=!nolog" to the end of your CustomLog directive, like this:

CustomLog /usr/local/apache/logs/access_log common env=!nolog

Hope this helps...

Bruno Gimenes Pereti.

----- Original Message -----
From: "Johnno" <valentine () xtra co nz>
To: <snort-users () lists sourceforge net>; <mike () digitz org>
Sent: Monday, October 01, 2001 10:25 PM
Subject: Re: [Snort-users] New to snort


So how would I go about stopping the cmd.exe etc., as these are hitting
the network about every 2-3 hours? Although I am using Linux, I am finding it
a pain, as my Apache logs are filled up with this sort of junk...

I am wanting to stop it at the gateway computer so my logs don't get full of
this virus/hacker attempt.

Because the IP changes all the time, using a normal firewall is not going to
cut it. Then I was told about Snort and how it could stop this junk getting
through...

Many Thanks,
                        Johnno
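
An added example, not part of the original message or of Apache: a dry run of the SetEnvIfNoCase patterns above against a Common Log Format access log, showing which entries env=!nolog would drop before the configuration is deployed. The log lines are constructed, the function names are hypothetical, and matching the percent-decoded logged path only approximates Apache's Request_URI, which is also path-normalised.

```python
import re
from urllib.parse import unquote

# Patterns copied verbatim from the SetEnvIfNoCase lines in the message.
NOLOG_PATTERNS = [
    r"^/scripts/", r"^/msadc/", r"^/_vti_bin/", r"^/_mem_bin/",
    r"^/c/winnt/", r"^/d/winnt/", r"^/default.ida",
]
NOLOG = [re.compile(p, re.IGNORECASE) for p in NOLOG_PATTERNS]

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^\S+ \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} \S+$')

def would_be_suppressed(target):
    """True if the request target would get the nolog variable set."""
    # Request_URI excludes the query string; decode once (approximation).
    uri = unquote(target.split("?", 1)[0])
    return any(p.search(uri) for p in NOLOG)

def split_log(lines):
    """Return (kept, suppressed) as env=!nolog would divide the entries."""
    kept, suppressed = [], []
    for line in lines:
        m = CLF.match(line)
        # Unparseable lines are kept so nothing is hidden by accident.
        if m and would_be_suppressed(m.group(1)):
            suppressed.append(line)
        else:
            kept.append(line)
    return kept, suppressed

# Constructed sample entries (documentation address ranges).
T = "[02/Oct/2001:09:00:01 -0300]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    f'192.0.2.11 - - {T} "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280',
    f'192.0.2.12 - - {T} "GET /default.ida?NNNN HTTP/1.0" 404 272',
    f'198.51.100.5 - - {T} "GET /index.html HTTP/1.0" 200 1043',
    f'198.51.100.6 - - {T} "GET /docs/scripts/setup.html HTTP/1.0" 200 512',
    # The unescaped "." in ^/default.ida matches any character, so this
    # unrelated page would silently vanish from the access log too.
    f'198.51.100.7 - - {T} "GET /default_ida_notes.html HTTP/1.0" 200 800',
]

if __name__ == "__main__":
    kept, suppressed = split_log(SAMPLE_LOG)
    print(f"{len(suppressed)} entries would not be logged:")
    for line in suppressed:
        print("  " + line)
```

Escaping the dot as "^/default\.ida" avoids the unintended match in the last sample entry. Entries filtered this way are gone from the access log entirely, so run the check on a copy of the log first.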

