[Snort-users] Snort Filtering

Neil Dickey neil at ...1633...
Tue Apr 29 15:02:08 EDT 2003


Michale <michale at ...9068...> wrote asking:

>  I know how to make SNORT log ALL activity..

This is probably not a good approach because security-related
traffic will get swamped in the noise.  If you haven't already,
I suggest you start with the ruleset shipped with the Snort
distribution.

>  But can I filter out the logging based on IP or Domain Name..

Yes, but the subject is a big one and is well covered in the
manual.  If you don't have a copy, it's available at the Snort
website:

  http://www.snort.org

Pay particular attention to what are called "pass" rules as a
means of ignoring traffic from hosts believed to be friendly.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
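
Added example (not part of the original message, and not rules from the Snort distribution): pass rules of the kind mentioned above, in Snort 1.x/2.x rule syntax. The addresses are constructed from documentation ranges and the variable name TRUSTED_SCANNER is hypothetical. Rule headers take IP addresses or CIDR blocks, not host names, so filtering by domain name means resolving the name to addresses first.

```conf
# local.rules (constructed example; addresses are from RFC 5737 documentation ranges)
# Assumes HOME_NET is already defined in snort.conf.

# Hypothetical variable naming one internal vulnerability scanner.
var TRUSTED_SCANNER 192.0.2.10

# Too broad: every packet from a whole network, any protocol, any port,
# is ignored. A compromised host in that range becomes invisible to Snort.
# pass ip 198.51.100.0/24 any -> any any

# Narrower: ignore only the scanner's TCP traffic toward the protected network.
pass tcp $TRUSTED_SCANNER any -> $HOME_NET any

# Narrower still: ignore one known-noisy flow (a backup host to one server's SSH port).
pass tcp 192.0.2.20 any -> 192.0.2.30 22
```

Snort releases of this period apply alert rules before pass rules unless started with the -o option, which switches the order to Pass->Alert->Log. Later releases changed the default, so check the manual for the version in use.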





