[Snort-users] Snort + BB: Ignore BB Activity

Warner Joseph Joseph.Warner at ...6725...
Tue Aug 27 13:26:04 EDT 2002


Hi,

I'm running Snort 1.8.6 on FreeBSD 4.6-STABLE
with the Big Brother System and Network Monitor.

I have Snort logging to a MySQL database and I'm
using a script called ext-snort that displays the
Snort alerts on the BB display page.

Everything seems to work properly with the exception
of the BB server's activity showing up as spp_portscans
in my snort logs.  How do I get this to stop?
 
I saw in a previous email that someone recommended placing
the following line in the snort.conf file:
 
var EXTERNAL_NET !bb_server_ip
 
var EXTERNAL_NET [!ip_subnet.0/24]


I tried both, with and without the brackets and nothing seems to
work.
 
I've searched through the "snort-users" archives and haven't
found anything that helps.
 
Any help with this would be greatly appreciated.
 
Thanks!
 



-------------------------------------------------------------------------------
This message and any included attachments are from Siemens Medical Solutions 
Health Services Corporation and are intended only for the addressee(s).  
The information contained herein may include trade secrets or privileged or 
otherwise confidential information.  Unauthorized review, forwarding, printing, 
copying, distributing, or using such information is strictly prohibited and may 
be unlawful.  If you received this message in error, or have reason to believe 
you are not authorized to receive it, please promptly delete this message and 
notify the sender by e-mail with a copy to CSOffice at ...6726...  Thank you




More information about the Snort-users mailing list