[Snort-users] Ignore some ip's
laracroft at ...2400...
Wed Jun 27 04:06:51 EDT 2001
I have installed a snort in a linux-firewall, my network is:
internet -> firewalll & snort -> internet servers
In my snort log appears many entries of source conexions from my
internet servers. I don't want this, i want that snort ignore the
conexions from my internet servers to another sites.
How can i do this? i have put this in my snort.conf:
var DNS_SERVERS [ip_primary_dns_server/32,ip_secundary_dns_server/32]
preprocessor portscan-ignorehosts: $DNS_SERVERS
but in my snort log there is already many entries from dns_servers.
More information about the Snort-users