[Snort-users] ALERT in logs
Helio Coelho Jr. - CompuLand ISP Admin
helio at ...119...
Wed Sep 13 11:18:05 EDT 2000
-----BEGIN PGP SIGNED MESSAGE-----
I'm using snort for a while and it's very nice and useful.
One question: I'm using snort_stat.pl to look at the logfiles.
I saw every day several entries that has ALERT in the description
of the attack/probe. All of them are directed to our irc server.
But in the rules there's no entry pointing to the common irc port, nor
that 'ALERT' definition. So I suppose it's in the code. Does this
ALERT message means something else - can I safely ignore it and
how can I block that message from appearing in the logs ?
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
A little suffering is good for the soul.
-- Kirk, "The Corbomite Maneuver", stardate 1514.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Snort-users