[Snort-users] couple questions

Ilya mail at ...3442...
Mon Oct 1 21:21:02 EDT 2001


I have two questions :
1 how can i stop this
10/02-00:15:28.424495  [**] [1:515:2] MISC source port 53 to <1024 [**]
[Classification: Potentially  Bad Traffic] [Priority: 2] {UDP}
xx.xx.xx.xx:53 -> xx.xx.xx.xx:53

i run a dns server, so this traffic should be ok. but i still want to be
notified about everything else "Potentially Bad".

Also in snort.conf I setup :
output alert_syslog: LOG_LOCAL5
but nothing goes to the syslog. however everything is logged to usual files.
I am running freebsd 4.4

thx





More information about the Snort-users mailing list