Dave.Flynn at ...414...
Tue Sep 5 13:33:54 EDT 2000
I have a question concerning multiple subnets. I have 3 Class 'C' subnets
that I need to monitor. I have read some of the posts about this, and I have
set up my rules file with 3 copies of every rule with different $HOME_NET
assignments. Yes, I did see the message about running different snorts at
one time. However, I am getting a lot of hits on some of the ICMP and NT
rules. I have commented them out for now, but I would like to still get the
alert if it is not coming from my network. How can I filter this out so I do
get the alert from unknown networks and from local to local networks?
Red Herring Communications, Inc.
Fax: (415) 865-2280
Direct: (415) 486-2929
More information about the Snort-users