[Snort-users] ALERT in logs
Helio Coelho Jr. - CompuLand ISP Admin
helio at ...119...
Tue Sep 19 19:49:47 EDT 2000
On 15-Sep-2000 Martin Roesch wrote:
> That's really weird, can you send us your configuration info (snort version,
> OS, architecture) and rules file?
It's running on a FreeBSD 4.0 Release box, snort v.1.6.3,
the ruleset is 07062kany.rules . I've tweaked some of
the rules, changing from ALERT to LOG, to minimize the
output in the console/messages file, which I check
>> One question: I'm using snort_stat.pl to look at the logfiles.
>> I saw every day several entries that have ALERT in the description
>> of the attack/probe. All of them are directed to our irc server.
>> But in the rules there's no entry pointing to the common irc port, nor
>> that 'ALERT' definition. So I suppose it's in the code. Does this
>> ALERT message mean something else - can I safely ignore it and
>> how can I block that message from appearing in the logs?
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
... I don't like FRANK SINATRA or his CHILDREN.