[Snort-users] rules difficulty
roesch at ...1935...
Sun Oct 28 07:27:03 EST 2001
You can simplify this greatly.
var $HOME_NET x.117.88.0/24
log ip any any <> $HOME_NET any
That's all you need.
Greg Sarsons wrote:
> I'm having trouble getting my rule to do what I want. It is simple all
> I want is to log everything from this range ie see what traffic is
> coming and going from the network.
> the range is x.117.88.0 to x.117.95.255
> log tcp $EXTERNAL_NET any <> $HOME_NET any ..
> log upd $EXTERNAL_NET any <> $HOME_NET any ..
> log icmp $EXTERNAL_NET any <> $HOME_NET any ..
> log ip $EXTERNAL_NET any <> $HOME_NET any ..
> I guess my confusion is over getting the correct HOME_NET and
> EXTERNAL_NET variables.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-users