[Snort-users] New to snort

Bruno Gimenes Pereti pereti at ...3411...
Tue Oct 2 06:38:04 EDT 2001


Hi Johnno,

If the problem is the log, use this configuration in Apache to stop logging
these attempts. It's from Scott from the linuxsecurity list.

SetEnvIfNoCase Request_URI "^/scripts/"  nolog
SetEnvIfNoCase Request_URI "^/msadc/"    nolog
SetEnvIfNoCase Request_URI "^/_vti_bin/" nolog
SetEnvIfNoCase Request_URI "^/_mem_bin/" nolog
SetEnvIfNoCase Request_URI "^/c/winnt/"  nolog
SetEnvIfNoCase Request_URI "^/d/winnt/"  nolog
SetEnvIfNoCase Request_URI "^/default.ida" nolog
Redirect gone /scripts/
Redirect gone /msadc/
Redirect gone /_vti_bin/
Redirect gone /_mem_bin/
Redirect gone /c/winnt/
Redirect gone /d/winnt/
Redirect gone /default.ida

Now add "env=!nolog" to the end of your CustomLog directive, like this:

CustomLog /usr/local/apache/logs/access_log common env=!nolog

Hope this helps...

Bruno Gimenes Pereti.

----- Original Message -----
From: "Johnno" <valentine at ...3655...>
To: <snort-users at lists.sourceforge.net>; <mike at ...1708...>
Sent: Monday, October 01, 2001 10:25 PM
Subject: Re: [Snort-users] New to snort


> so how would I go about stopping the cmd.exe etc.. as these are hitting
> the network about every 2-3 hours.. although I am using linux.. I am finding it
> a pain as my apache logs are filled up with this sort of junk...
>
> I am wanting to stop it at the gateway computer so my logs don't get full of
> this virus/hacker attempt.
>
> because the IP changes all the time, using a normal firewall is not going to
> cut it.. Then I was told about snort and how it could stop this junk getting
> through....
>
> Many Thanks,
>                         Johnno
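
Added example, not part of the original message: a small Python check that applies the same seven prefixes to an existing access log and reports which requests `env=!nolog` would stop recording, grouped by client, so you can see what visibility is lost before enabling the filter. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Path prefixes copied from the SetEnvIfNoCase lines in the message above.
NOLOG_PATTERNS = [r"^/scripts/", r"^/msadc/", r"^/_vti_bin/", r"^/_mem_bin/",
                  r"^/c/winnt/", r"^/d/winnt/", r"^/default.ida"]
NOLOG = [re.compile(p, re.IGNORECASE) for p in NOLOG_PATTERNS]  # NoCase variant

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def would_be_suppressed(target):
    """True if a request for this target would get the nolog variable set."""
    # Request_URI does not include the query string, so strip it first.
    # Simplification: percent-encoding in the path is not decoded here.
    path = target.split("?", 1)[0]
    return any(rx.search(path) for rx in NOLOG)

def split_log(lines):
    """Return (kept_lines, Counter of suppressed requests per client host)."""
    kept, dropped = [], Counter()
    for line in lines:
        m = CLF.match(line.strip())
        if m and would_be_suppressed(m.group(3)):
            dropped[m.group(1)] += 1
        else:
            kept.append(line)  # lines that do not parse are kept, not dropped
    return kept, dropped

# Constructed sample lines (documentation IP ranges), not from a real log.
SAMPLE = [
    '192.0.2.10 - - [02/Oct/2001:06:00:01 -0400] "GET /scripts/cmd.exe HTTP/1.0" 404 276',
    '192.0.2.10 - - [02/Oct/2001:06:00:02 -0400] "GET /MSADC/cmd.exe HTTP/1.0" 404 276',
    '198.51.100.7 - - [02/Oct/2001:06:10:44 -0400] "GET /default.ida?NNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [02/Oct/2001:06:12:09 -0400] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [02/Oct/2001:06:12:30 -0400] "GET /search?q=/scripts/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    kept, dropped = split_log(SAMPLE)
    print(f"{len(kept)} lines kept, {sum(dropped.values())} would not be logged")
    for host, count in dropped.most_common():
        print(f"  {host}: {count} suppressed request(s)")
```

The last sample line stays in the log because the prefix appears only in the query string, which the anchored path patterns never see.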




