[Snort-users] excluding a host from rule
Don at ...5881...
Fri May 31 08:33:09 EDT 2002
create a variable named $TRUSTED_HOSTS like so
var $TRUSTED_HOSTS [192.168.0.45/32,192.168.0.91/32]
fill that line in as necessarry and add the !$TRUSTED_HOSTS variable to the
rule your wish to exclude those hosts from, then restart snort.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Chang, Andre
Sent: Thursday, May 30, 2002 2:20 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] excluding a host from rule
Can you exclude specific hosts from triggering the alert in a rule? But
still get alerted by that rule if any other hosts try the same action.
Example you have a port scan on your network and you do not want to get
alerted by that host doing the scan but you do want to get alerted by anyone
else performing a port scan.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users