[Snort-users] Minimize logging
rmontessi at ...131...
Thu Jan 3 22:18:04 EST 2002
Currently all outgoing traffic is being logged; e.g.
http, smtp, news etc. I want to only log traffic
coming in. This is a single user machine. From what
I've read the way to do this is to add the following
to the /etc/snort/local.rules:
pass EXTERNAL_NET any -> any any # this is on eth1
with a cable-modem connection
and add -o to the init script.
Is this correct? I don't want to defeat the purpose
of the app.
Linux i686, 2.4.16 kernel, snort 1.8
Do You Yahoo!?
Send your FREE holiday greetings online!
More information about the Snort-users