[Snort-users] Snort Filtering
neil at ...1633...
Tue Apr 29 15:02:08 EDT 2003
Michale <michale at ...9068...> wrote asking:

> I know how to make SNORT log ALL activity..

This is probably not a good approach because security-related
traffic will get swamped in the noise. If you haven't already,
I suggest you start with the ruleset shipped with the Snort

> But can I filter out the logging based on IP or Domain Name..

Yes, but the subject is a big one and is well covered in the
manual. If you don't have a copy, it's available at the snort

Pay particular attention to what are called "pass" rules as a
means of ignoring traffic from hosts believed to be friendly.

Neil Dickey, Ph.D.
Northern Illinois University
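
Added example, not part of the original message: a small snort.conf fragment showing the kind of "pass" rule mentioned above. The variable name TRUSTED_HOSTS, all addresses, and the configuration file path are constructed or assumed for illustration.

```conf
# Constructed addresses from the RFC 5737 documentation ranges; substitute your own.
# Rule headers take IP addresses or CIDR blocks, not domain names,
# so resolve any host name to its address first.
var TRUSTED_HOSTS [192.0.2.10/32,198.51.100.0/24]

# Ignore all IP traffic, in either direction, between the trusted hosts
# and anything else. Keep the list short: traffic matching a pass rule
# is not inspected by the alert and log rules.
pass ip $TRUSTED_HOSTS any <> any any

# Narrower alternative: ignore only one service on one host
# (here DNS replies from a resolver at a constructed address).
pass udp 192.0.2.53/32 53 -> any any

# Pass rules must be tested before alert and log rules to have any effect.
# In Snort releases of this period that ordering is selected with -o
# (the configuration path below is an assumed location):
#   snort -o -c /etc/snort/snort.conf
```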