[Snort-users] ssnort

PANIC! [FS] panic. at ...158...
Wed Jul 26 14:09:33 EDT 2000


Hi,

  i am using snort 1.6.3 on a SUSE 6.4 box. I have 45 virtual ips on
  my machine in different subnets
  (10.0.1.75,10.0.2.75,...,10.0.45.75).
  Now i want snort to listen with all rules on these ips. How can i
  do that or have i to write 45 rules for each rule?
  Another problem is that i want to log appents fast after each other
  only ONE time.
  For example:
  alert tcp any any -> 10.0.3.75 21 (msg: "FTP connect";)
  this makes on one connect of a FTP programm 4 alerts but i want only
  1. How can i do this?
  Ok thanks for all

CU
Thomas                         mailto:panic. at ...158...






More information about the Snort-users mailing list