Snort mailing list archives
RE: Snort + BB: Ignore BB Activity
From: Tom Sevy <tsevy () epx com>
Date: Tue, 27 Aug 2002 17:08:44 -0400
Look in your snort.conf file for preprocessor portscan-ignorehosts and put the ip of your bb host in there. -----Original Message----- From: Warner Joseph [mailto:Joseph.Warner () siemens com] Sent: Tuesday, August 27, 2002 4:25 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Snort + BB: Ignore BB Activity Hi, I'm running Snort 1.8.6 on FreeBSD 4.6-STABLE with the Big Brother System and Network Monitor. I have Snort logging to a MySQL database and I'm using a script called ext-snort that displays the Snort alerts on the BB display page. Everything seems to work properly with the exception of the BB server's activity showing up as spp_portscans in my snort logs. How do I get this to stop? I saw in a previous email that someone recommended placing the following line in the snort.conf file: var EXTERNAL_NET !bb_server_ip var EXTERNAL_NET [!ip_subnet.0/24] I tried both, with and without the brackets and nothing seems to work. I've searched through the "snort-users" archives and haven't found anything that helps. Any help with this would be greatly appreciated. Thanks! ---------------------------------------------------------------------------- --- This message and any included attachments are from Siemens Medical Solutions Health Services Corporation and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to CSOffice () smed com. Thank you ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort + BB: Ignore BB Activity Warner Joseph (Aug 27)
- <Possible follow-ups>
- RE: Snort + BB: Ignore BB Activity Tom Sevy (Aug 27)
- RE: Snort + BB: Ignore BB Activity Warner Joseph (Aug 27)
- RE: Snort + BB: Ignore BB Activity Warner Joseph (Aug 27)
- Snort + BB: Ignore BB Activity Warner Joseph (Aug 28)
- Re: Snort + BB: Ignore BB Activity Dushyanth Harinath (Aug 29)