Snort mailing list archives
Re: Logs
From: Helder Miguel Rodrigues <crash () frew org>
Date: Tue, 15 Jul 2003 19:28:23 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I cant change all rules to have the result that i want! Thanks a lot anyway! Anyone have another tips? Cheers Josué Souza wrote:| I'm a newbie on snort but maybe you should take a look at the flow rule option. It seems that this is used to apply rules to only one direction of the traffic. It's in section 2.3.35 of Snort Users Manual. | | Best regards, | | Josué José Souza Júnior | | Nexos Information Security
| josue () nexos com br <mailto:josue () nexos com br> | +55 71 2106-9125 | Salvador - Bahia - Brasil | | >>> Helder Miguel Rodrigues <crash () frew org> 07/15/03 01:19 >>> | Hello I have my workstation running snort with no probs. | My workstation is directly connected to the internet via eth0! | | so I have in my config file: | var HOME_NET $eth0_ADDRESS | var EXTERNAL_NET !$HOME_NET | | But in acid it appears ATTACK RESPONSES 403 and my CHAT MSN messages, | how can I prevent to log this things? | | I just want to log what came from the internet, not what goes to the | internet. | | Thanks a lot | - ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr1 (Windows XP) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/FEfHXuDuuXe+pHkRArAWAKCE4TaGsd9TdMibNanrzFfaSkeu4QCfTqyq /UX6kAKK+C5pLjCYI+G2C4E= =CQp5 -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users