[Snort-users] Minimize logging

Rinaldi Montessi rmontessi at ...131...
Thu Jan 3 22:18:04 EST 2002

Currently all outgoing traffic is being logged; e.g.
http, smtp, news etc.  I want to only log traffic
coming in.  This is a single user machine.  From what
I've read the way to do this is to add the following
to the /etc/snort/local.rules:

pass EXTERNAL_NET any -> any any # this is on eth1
with a cable-modem connection

and add -o to the init script.

Is this correct?  I don't want to defeat the purpose
of the app.

Linux i686, 2.4.16 kernel, snort 1.8 


Do You Yahoo!?
Send your FREE holiday greetings online!

More information about the Snort-users mailing list