[Snort-users] Minimize logging
cpw at ...440...
Fri Jan 4 07:29:05 EST 2002
On Thu, Jan 03, 2002 at 10:17:54PM -0800, Rinaldi Montessi wrote:
> Currently all outgoing traffic is being logged; e.g.
> http, smtp, news etc. I want to only log traffic
> coming in. This is a single user machine. From what
> I've read the way to do this is to add the following
> to the /etc/snort/local.rules:
> pass EXTERNAL_NET any -> any any # this is on eth1

Outgoing traffic from your single host would be:

    pass ip <your_host_address> any -> any any

where <your_host_address> would be something like

However, I'd just use the -F option and set a filter like:

    dst host <your_host_address>

and forget the -o.
(I hope I got this one right...)

> with a cable-modem connection
> and add -o to the init script.
> Is this correct? I don't want to defeat the purpose
> of the app.
> Linux i686, 2.4.16 kernel, snort 1.8
Phil Wood, cpw at ...440...
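
The two options from the reply above, as an added example that is not part of the original message: with the `-F` filter Snort never receives the outbound packets at all, while the pass rule with `-o` lets Snort see them and then skip them. The function names, the address 192.0.2.10 and the snort.conf path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build the BPF filter file for
# "snort -F" so that only traffic addressed to this host is captured.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# Rejecting anything else keeps stray BPF keywords out of the filter file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Option from the reply: write the one-line filter "dst host <addr>" to $2.
write_inbound_filter() {
    valid_ipv4 "$1" || { echo "invalid host address: $1" >&2; return 1; }
    printf 'dst host %s\n' "$1" > "$2"
}

# Command line that uses the filter file: no -o and no pass rule needed.
# $1 = Snort config file (assumed path), $2 = filter file.
snort_cmdline() {
    printf 'snort -c %s -F %s\n' "$1" "$2"
}

# Alternative from the reply: a pass rule for local.rules, which only takes
# effect before the alert rules when Snort is started with -o.
pass_rule() {
    valid_ipv4 "$1" || return 1
    printf 'pass ip %s any -> any any\n' "$1"
}

# Demo with a constructed address from the documentation range.
demo_file=$(mktemp)
write_inbound_filter 192.0.2.10 "$demo_file" && cat "$demo_file"
snort_cmdline /etc/snort/snort.conf "$demo_file"
pass_rule 192.0.2.10
rm -f "$demo_file"
```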