[Snort-users] ALERT in logs

Helio Coelho Jr. - CompuLand ISP Admin helio at ...119...
Tue Sep 19 19:49:47 EDT 2000



On 15-Sep-2000 Martin Roesch wrote:
> That's really weird, can you send us your configuration info (snort version,
> OS, architecture) and rules file?

It's running on a FreeBSD 4.0 Release box, snort v.1.6.3,
the ruleset is 07062kany.rules. I've tweaked some of
the rules, changing from ALERT to LOG, to minimize the
output in the console/messages file, which I check
with logcheck.

Best Regards,
Helio.


>>   One question: I'm using snort_stat.pl to look at the logfiles.
>> Every day I see several entries that have ALERT in the description
>> of the attack/probe. All of them are directed to our irc server.
>> But in the rules there's no entry pointing to the common irc port, nor
>> that 'ALERT' definition. So I suppose it's in the code. Does this
>> ALERT message mean something else - can I safely ignore it and
>> how can I block that message from appearing in the logs?

-- 
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
--
... I don't like FRANK SINATRA or his CHILDREN.
