[Snort-users] loghog question

Miller, Eoin Miller at ...6968...
Mon Oct 7 10:27:02 EDT 2002


from the loghog.conf file reguarding the ignore_host file entries:

###################################################################
#
# Ignore File:
#
# This is simply the file that you deposit ips/classes that you don't wish to block.
# Its quite important that you make sure this file is correct so you don't go about DOSing 
# yourself!  It should be noted that this does not disable alerting as it is informative to
# know if something is happening on one of your hosts so you just don't want to cut it off.
###################################################################


if i was you id just try tweaking the snort alerts so that they arent set off by the servers that you dont want to be notified about.

eoin

> -----Original Message-----
> From: Matthew Harrell [mailto:mhar at ...7038...]
> Sent: Monday, October 07, 2002 1:00 PM
> To: snort-users mailing list
> Subject: [Snort-users] loghog question
> 
> 
> Not sure if this is an appropriate list for a loghog 
> question, but I can't
> find any online resources for issues with loghog (other than 
> e-mailing the
> author).
> 
> I'm running Snort 1.8.7 on Mandrake Linux 9.0 with loghog 0.1.
> 
> I have several entries in my loghog "ignore_hosts" file.  One node is
> giving me constant false alarms, and I'm trying to get loghog to quit
> sending me e-mails about it.  However, even with the entry in 
> ignore_hosts,
> I'm still getting the e-mails.  I've killed and restarted 
> loghog, but I'm
> still getting those darn e-mails.  Any suggestions from other 
> loghog users?
> 
> -----------------
> Matt Harrell
> Plexus Systems
> mhar at ...7038...
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list