[Snort-users] heavy logging...

Sean.McHugh at ...668... Sean.McHugh at ...668...
Thu Oct 19 14:29:55 EDT 2000


I want to create a rule that plainly logs access to a webserver 
running on port 88 using SSL for all connections.  I want to get as few 
alerts on this as possible - right now i'm testing for ack:0, but due to
the number of sessions the client creates, it's still a lot.
anyonew have any tips on whittling this down.

Oh, the webserver doesn't have a logging facility - don't ask...

thanks.



Sean McHugh, MCP
Sungard ePI Inc.
Regional Systems Administrator
45 Broadway
New York, NY 10006
Wk phone: 212-806-4972
 



More information about the Snort-users mailing list