[Snort-users] ALERT in logs

Helio Coelho Jr. - CompuLand ISP Admin helio at ...119...
Wed Sep 13 11:18:05 EDT 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi:

  I'm using snort for a while and it's very nice and useful.

  One question: I'm using snort_stat.pl to look at the logfiles.
I saw every day several entries that has ALERT in the description
of the attack/probe. All of them are directed to our irc server.
But in the rules there's no entry pointing to the common irc port, nor
that 'ALERT' definition. So I suppose it's in the code. Does this
ALERT message means something else - can I safely ignore it and
how can I block that message from appearing in the logs ?

Best Regards,
Helio.

- -- 
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
- --
A little suffering is good for the soul.
                -- Kirk, "The Corbomite Maneuver", stardate 1514.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5v5qts4JCXSskkw8RAtW+AKCDSsAC1UOBe3/W2O7CMitjkEeopACffdUn
zSVR0YMe4KGIKNjASnmyCEY=
=5zQ/
-----END PGP SIGNATURE-----



More information about the Snort-users mailing list