[Snort-users] Snort Filtering
michale at ...9068...
Tue Apr 29 15:12:07 EDT 2003

OK, it sounds like logging EVERYTHING might not be a wise approach.
I did (and am again) using the newest RULES downloaded from snort.org.
So, maybe the approach I am looking for is to have it use THAT ruleset,
but then put in domains and IPs that I want it to log activity from...
Is that a similar procedure to the one of NOT logging specified
domains and IPs??

Tuesday, April 29, 2003, 6:01:24 PM, you wrote:
ND> Michale <michale at ...9068...> wrote asking:
>> I know how to make SNORT log ALL activity..
ND> This is probably not a good approach because security-related
ND> traffic will get swamped in the noise. If you haven't already,
ND> I suggest you start with the ruleset shipped with the Snort
>> But can I filter out the logging based on IP or Domain Name..
ND> Yes, but the subject is a big one and is well covered in the
ND> manual. If you don't have a copy, it's available at the snort
ND> Pay particular attention to what are called "pass" rules as a
ND> means of ignoring traffic from hosts believed to be friendly.
ND> Best regards,
ND> Neil Dickey, Ph.D.
ND> Research Associate/Sysop
ND> Geology Department
ND> Northern Illinois University
ND> DeKalb, Illinois
Michale mailto:michale at ...9068...
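
The two cases discussed in this thread, logging traffic for chosen addresses and ignoring friendly hosts with "pass" rules, written as a local rules fragment. This is an added example, not part of the original messages; the variable names, addresses (documentation ranges), messages and sid values are all constructed.

```snort
# local.rules (hypothetical file name), included after the stock ruleset.
# All addresses below are constructed samples from documentation ranges.

# Rule headers match on IP addresses or CIDR blocks, not domain names,
# so resolve any domain of interest to its addresses first.
var WATCHED [203.0.113.0/24,198.51.100.7]
var FRIENDLY [192.0.2.10,192.0.2.11]

# Ignore all traffic to or from hosts believed to be friendly.
pass ip $FRIENDLY any <> any any (sid:1000001; rev:1;)

# Log every packet to or from the watched addresses, in addition to
# whatever the stock alert rules already catch.
log ip $WATCHED any <> any any (msg:"LOCAL watched host traffic"; sid:1000002; rev:1;)
```

In Snort releases of this period the rule types are evaluated in the order alert, pass, log, so a pass rule only suppresses alerts when Snort is started with `-o`, which switches the order to pass, alert, log. Check the manual for the version in use.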