Snort mailing list archives
Re: Specific Host Filter
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 14 May 2004 10:55:16 -0500
On Fri, 2004-05-14 at 10:15, Todd.Lambdin wrote:
> Is there an easy way to implement a filter so that I can watch traffic between the sensor host and 1 other system only? I do not want to capture all traffic to the sensor, only traffic from 1 specific host.

Is that not in the FAQ? Limit traffic using the BPF filter. For example:

    snort -c snort.conf -l /var/log host 1.2.3.4

That will only log/alert on packets from/to host 1.2.3.4.

Regards,
Frank
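What the `host 1.2.3.4` filter in the reply above lets through to Snort, as an added example that is not part of the original message or of Snort itself: a Python emulation of the libpcap `host` primitive on Ethernet frames, run over constructed sample frames. It goes slightly beyond the post by showing that ARP naming the host also matches and that an 802.1Q-tagged frame does not; the helper names and the 10.0.0.x addresses are assumptions.

```python
import socket
import struct

ETH_IPV4, ETH_ARP, ETH_RARP, ETH_VLAN = 0x0800, 0x0806, 0x8035, 0x8100
MAC_A, MAC_B = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"

def host_filter_matches(frame: bytes, host: str) -> bool:
    """Emulate the BPF primitive `host <addr>` on one Ethernet frame."""
    want = socket.inet_aton(host)
    if len(frame) < 14:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_IPV4:
        # IPv4 source address sits at frame offset 26, destination at 30.
        return len(frame) >= 34 and want in (frame[26:30], frame[30:34])
    if ethertype in (ETH_ARP, ETH_RARP):
        # ARP sender protocol address at offset 28, target at 38.
        return len(frame) >= 42 and want in (frame[28:32], frame[38:42])
    # Any other EtherType, including an 802.1Q tag (0x8100), is rejected.
    return False

def eth(ethertype: int, payload: bytes, vlan: int = None) -> bytes:
    hdr = MAC_B + MAC_A
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_VLAN, vlan)  # tag shifts later offsets by 4
    return hdr + struct.pack("!H", ethertype) + payload

def ipv4(src: str, dst: str) -> bytes:
    # Minimal 20-byte header; checksum left at zero, the filter ignores it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def arp_request(sender_ip: str, target_ip: str) -> bytes:
    return struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1, MAC_A,
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))

# Constructed sample frames (not captured traffic).
SAMPLES = {
    "from_host": eth(ETH_IPV4, ipv4("1.2.3.4", "10.0.0.5")),
    "to_host": eth(ETH_IPV4, ipv4("10.0.0.5", "1.2.3.4")),
    "unrelated": eth(ETH_IPV4, ipv4("10.0.0.5", "10.0.0.9")),
    "arp_for_host": eth(ETH_ARP, arp_request("10.0.0.5", "1.2.3.4")),
    "vlan_tagged_to_host": eth(ETH_IPV4, ipv4("10.0.0.5", "1.2.3.4"), vlan=100),
}

def classify(host: str = "1.2.3.4") -> dict:
    return {name: host_filter_matches(f, host) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:22} {'passed to Snort' if hit else 'dropped by filter'}")
```

On a link that carries 802.1Q tags in the captured frames, the filter expression would need to be `vlan and host 1.2.3.4` for the sensor to see that host's traffic.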