[Snort-users] No logging from localhost?

Whaley, Mike mwhaley at ...5464...
Fri May 3 09:11:03 EDT 2002


Here's the scenario...


When accessing the acid web pages from a remote machine, snort picks up on
the viewing of events and logs the event in the database.  The IP logged is
the snort sensor.

Specific Scenario...

Say there is 10 events for the classification kicka$$-porn.  I go and view
those events with the acid interface from a remote machine.  Then snort
picks up on the word "porn" and logs another 20 or so events in the
database.  Now, instead of having 10 events for porn I know have 30 events
with a two-thirds of them originating from the sensor.

Is there a way to tell snort NOT to log events that originate from my
sensor?  Is this a good Idea or will I cause myself problems in the future?
I imagine this is happening with other events too that I am viewing.  Is
this correct?  Thank you very much for your help.

Mike Whaley




More information about the Snort-users mailing list