[Snort-users] ssnort

PANIC! [FS] panic. at ...158...
Wed Jul 26 14:09:33 EDT 2000


  i am using snort 1.6.3 on a SUSE 6.4 box. I have 45 virtual ips on
  my machine in different subnets
  Now i want snort to listen with all rules on these ips. How can i
  do that or have i to write 45 rules for each rule?
  Another problem is that i want to log appents fast after each other
  only ONE time.
  For example:
  alert tcp any any -> 21 (msg: "FTP connect";)
  this makes on one connect of a FTP programm 4 alerts but i want only
  1. How can i do this?
  Ok thanks for all

Thomas                         mailto:panic. at ...158...

More information about the Snort-users mailing list