[Snort-users] rules difficulty
gsarsons at ...530...
Sun Oct 28 07:39:02 EST 2001
But is this only going to give me the traffic to and from the network and
not the local-to-local traffic?
Wow, does this ever take a long time to dump into MySQL.
On Sun, 2001-10-28 at 10:30, Martin Roesch wrote:
> You can simplify this greatly.
> var HOME_NET x.117.88.0/24
> log ip any any <> $HOME_NET any
> That's all you need.
> Greg Sarsons wrote:
> > I'm having trouble getting my rule to do what I want. It is simple: all
> > I want is to log everything from this range, i.e. see what traffic is
> > coming and going from the network.
> > The range is x.117.88.0 to x.117.95.255
> > log tcp $EXTERNAL_NET any <> $HOME_NET any ..
> > log udp $EXTERNAL_NET any <> $HOME_NET any ..
> > log icmp $EXTERNAL_NET any <> $HOME_NET any ..
> > log ip $EXTERNAL_NET any <> $HOME_NET any ..
> > I guess my confusion is over getting the correct HOME_NET and
> > EXTERNAL_NET variables.
> > Greg
> Martin Roesch - President, Sourcefire Inc. - (410)552-6999
> roesch at ...1935... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
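
Added example (not part of the thread and not Snort's own code): a simplified Python model of the rule header's address fields, showing which flows each form of the rule logs, including the local-to-local case asked about above. The first octet `10` stands in for the masked `x`, the flows are constructed, and `!HOME` assumes EXTERNAL_NET is defined as the negation of HOME_NET.

```python
import ipaddress

# Constructed stand-in: the thread masks the first octet as "x"; 10 is used here.
FIRST, LAST = "10.117.88.0", "10.117.95.255"

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def side_matches(spec, addr, home):
    """spec is 'any', 'HOME' or '!HOME' (simplified model of a rule address field)."""
    inside = any(ipaddress.ip_address(addr) in n for n in home)
    return spec == "any" or (spec == "HOME" and inside) or (spec == "!HOME" and not inside)

def header_matches(left, right, src, dst, home):
    """Model of 'log ip <left> any <> <right> any': '<>' tries both directions."""
    forward = side_matches(left, src, home) and side_matches(right, dst, home)
    reverse = side_matches(left, dst, home) and side_matches(right, src, home)
    return forward or reverse

HOME = [ipaddress.ip_network(c) for c in range_to_cidrs(FIRST, LAST)]

# Constructed flows: (src, dst, label)
FLOWS = [
    ("10.117.90.5", "198.51.100.7", "outbound"),
    ("198.51.100.7", "10.117.95.20", "inbound"),
    ("10.117.88.10", "10.117.93.40", "local to local"),
    ("198.51.100.7", "203.0.113.9", "transit"),
]

def evaluate(left):
    """Which constructed flows a rule '<left> any <> HOME_NET any' would log."""
    return {label: header_matches(left, "HOME", s, d, HOME) for s, d, label in FLOWS}

if __name__ == "__main__":
    print("HOME_NET covers:", range_to_cidrs(FIRST, LAST))
    print("any <> HOME_NET      :", evaluate("any"))
    print("!HOME_NET <> HOME_NET:", evaluate("!HOME"))
```

A flow can only be logged if the sensor's interface actually sees it, so local-to-local traffic on a switched segment may never reach Snort regardless of the rule.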