[Snort-users] New to snort
Bruno Gimenes Pereti
pereti at ...3411...
Tue Oct 2 06:38:04 EDT 2001
If the problem is the log, use this configuration in Apache to stop logging
these attempts. It's from Scott from the linuxsecurity list.
SetEnvIfNoCase Request_URI "^/scripts/" nolog
SetEnvIfNoCase Request_URI "^/msadc/" nolog
SetEnvIfNoCase Request_URI "^/_vti_bin/" nolog
SetEnvIfNoCase Request_URI "^/_mem_bin/" nolog
SetEnvIfNoCase Request_URI "^/c/winnt/" nolog
SetEnvIfNoCase Request_URI "^/d/winnt/" nolog
SetEnvIfNoCase Request_URI "^/default.ida" nolog
Redirect gone /scripts/
Redirect gone /msadc/
Redirect gone /_vti_bin/
Redirect gone /_mem_bin/
Redirect gone /c/winnt/
Redirect gone /d/winnt/
Redirect gone /default.ida
Now add "env=!nolog" to the end of your CustomLog directive, like this:
CustomLog /usr/local/apache/logs/access_log common env=!nolog
Hope this helps...
Bruno Gimenes Pereti.
----- Original Message -----
From: "Johnno" <valentine at ...3655...>
To: <snort-users at lists.sourceforge.net>; <mike at ...1708...>
Sent: Monday, October 01, 2001 10:25 PM
Subject: Re: [Snort-users] New to snort
> so how would I go about stopping the cmd.exe etc.. as these are hitting
> the network about every 2-3 hours.. although I am using linux.. I am finding
> a pain as my apache logs are filled up with this sort of junk...
> I am wanting to stop it at the gateway computer so my logs don't get full
> this virus/hacker attempt.
> because the ip changes all the time using a normal firewall it not going
> cut.. Then I was told about snort and how it could stop this junk getting
> Many Thanks,