[Snort-users] Snort Filtering

twig les twigles at ...131...
Tue Apr 29 15:31:03 EDT 2003


You may want to log everything for various reasons and I would
like that luxury myself, but I would do that on a separate box
from the IDS.


--- Michale <michale at ...9068...> wrote:
> Hello,
> 
> OK, it sounds like logging EVERYTHING might not be a wise
> approach.
> :^)
> 
> I did (and am again) using the newest RULES downloaded from
> snort.org.
> 
> So, maybe the approach I am looking is to have it use THAT
> ruleset,
> but then put in domains and IPs that I want it to log activity
> from...
> 
> Is that a similar procedure to the one of NOT logging
> specified
> domains and IPs??
> 
> 
>                    Michale
> 
> 
>                    
> 
> 
> Tuesday, April 29, 2003, 6:01:24 PM, you wrote:
> 
> 
> ND> Michale <michale at ...9068...> wrote asking:
> 
> >>  I know how to make SNORT log ALL activity..
> 
> ND> This is probably not a good approach because
> security-related
> ND> traffic will get swamped in the noise.  If you haven't
> already,
> ND> I suggest you start with the ruleset shipped with the
> Snort
> ND> distribution.
> 
> >>  But can I filter out the logging based on IP or Domain
> Name..
> 
> ND> Yes, but the subject is a big one and is well covered in
> the
> ND> manual.  If you don't have a copy, it's available at the
> snort
> ND> website:
> 
> ND>   http://www.snort.org
> 
> ND> Pay particular attention to what are called "pass" rules
> as a
> ND> means of ignoring traffic from hosts believed to be
> friendly.
> 
> ND> Best regards,
> 
> ND> Neil Dickey, Ph.D.
> ND> Research Associate/Sysop
> ND> Geology Department
> ND> Northern Illinois University
> ND> DeKalb, Illinois
> ND> 60115
> 
> 
> 
> --
> 
>  
> Best regards,
>  Michale                            mailto:michale at ...9068...
> 
> 
> 
> 


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
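
Added illustration, not part of the original thread and not from any of its posters: a local rules file that combines the "pass" rules Neil mentions with the per-host logging Michale asks about. The variable names and all addresses are constructed placeholders (documentation address ranges).

```snort
# local.rules: added example; every address below is a constructed placeholder.
# Snort rule headers take IP addresses or CIDR blocks, not host names,
# so a domain has to be resolved to its addresses before it can be listed.

# Hosts believed to be friendly: traffic to or from them is ignored.
var TRUSTED_HOSTS [192.0.2.10/32,192.0.2.11/32]

# Hosts whose activity should always be recorded.
var WATCHED_HOSTS [198.51.100.0/24,203.0.113.7/32]

# Ignore everything exchanged with the trusted hosts.
pass ip $TRUSTED_HOSTS any <> any any

# Log everything exchanged with the watched hosts, on top of the
# stock ruleset, instead of logging all traffic.
log ip $WATCHED_HOSTS any <> any any
```

Snort releases of this period evaluate rules in alert, pass, log order by default, so the pass rule only suppresses alerts from the stock ruleset when Snort is started with -o, which switches the order to pass, alert, log.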




