[Snort-users] home_net and ext_net question
neil at ...1633...
Wed Apr 23 13:57:05 EDT 2003
"Mike Zupan" <mzupan at ...8987...> wrote asking:
>var HOME_NET [188.8.131.52/24,184.108.40.206/24]
>var EXTERNAL_NET [220.127.116.11/24,18.104.22.168/24] (i have also tried just any)
Why do you have HOME_NET and EXTERNAL_NET set identically?
... Just curious.
>This is an example of what I want to stop snort from logging.
>snmp connections from 22.214.171.124 -> 126.96.36.199
I would try something like this in local.rules:
pass udp 188.8.131.52 any -> 184.108.40.206 any
Use the "-o" switch on the command line when invoking Snort if you're
not already. If specific ports are involved, then use them instead
>i also get cgi-redirect snort logs from desktops in the 66 class C range.
>Is there a way to stop logging when connecting to other internal servers.
I suspect more pass rules would help you here, perhaps like the one
above? I'd need more information on the cgi-redirect stuff to be more
I hope this helps.
Neil Dickey, Ph.D.
Northern Illinois University
More information about the Snort-users