Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Logs

From: Helder Miguel Rodrigues <crash () frew org>
Date: Tue, 15 Jul 2003 19:28:23 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I cant change all rules to have the result that i want!
Thanks a lot anyway!

Anyone have another tips?

Cheers

Josué Souza wrote:
| I'm a newbie on snort but maybe you should take a look at the flow rule option. It seems that this is used to apply rules to only one direction of the traffic. It's in section 2.3.35 of Snort Users Manual. | | Best regards, | | Josué José Souza Júnior | | Nexos Information Security 
| josue () nexos com br <mailto:josue () nexos com br>
| +55 71 2106-9125
| Salvador - Bahia - Brasil
|
| >>> Helder Miguel Rodrigues <crash () frew org> 07/15/03 01:19 >>>

| Hello I have my workstation running snort with no probs.
| My workstation is directly connected to the internet via eth0!
|
| so I have in my config file:
| var HOME_NET $eth0_ADDRESS
| var EXTERNAL_NET !$HOME_NET
|
| But in acid it appears  ATTACK RESPONSES 403 and my CHAT MSN messages,
| how can I prevent to log this things?
|
| I just want to log what came from the internet, not what goes to the
| internet.
|
| Thanks a lot
|

- -------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/FEfHXuDuuXe+pHkRArAWAKCE4TaGsd9TdMibNanrzFfaSkeu4QCfTqyq
/UX6kAKK+C5pLjCYI+G2C4E=
=CQp5
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: