Snort mailing list archives

Snort queries

From: Justin Xavier <Justin.Xavier () Cybertech Com>
Date: Thu, 18 Jul 2019 12:12:57 +0000

Hi All,

We are using Netgate Pfsense firewall in our premises with Snort service installed. We had some queries regarding the 
service and need your assistance in understanding SNORT.


1.      We observed SNORT logs and found many log entries for snort events. Is it that SNORT is blocking/dropping all 
these packets?

2.      When does SNORT decide to block traffic from a particular IP? This is regarding the Blocked hosts.

3.      How can we determine the blocked hosts from snort logs, as we couldn’t find a specific log entry that stated 
the ip was blocked and added to Blocked hosts.

Regards,
Justin X.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort queries Justin Xavier (Jul 19)
- Re: Snort queries wkitty42--- via Snort-users (Jul 20)
- Re: Snort queries Ulises Mora Alvarez (Jul 22)
- <Possible follow-ups>
- Re: Snort queries noc (Jul 20)