[Snort-users] I want certain IP adresses not to be logged

Gonzalez, Albert albert.gonzalez at ...7950...
Mon Jan 13 06:39:02 EST 2003


Let me see if I get this right, you want to *log* certain IP's and discard
others?

Well first off, if you are seeing traffic from yourself, try to correctly
address your HOME_NET
variable, and or setting those proxy scanners in ignore hosts (i do for
stephenson.freenoe.net)
and as far as to ignore certain traffic, try using this[1].

Cheers!

[1] - http://www.theadamsfamily.net/~erek/snort/ignore.txt

--
Alberto Gonzalez
EDS - Global Security Operations Center
Security and Privacy Professional Servics



-----Original Message-----
From: Jeroen Diederen [mailto:jeroen at ...7984...]
Sent: Sunday, January 12, 2003 6:05 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] I want certain IP adresses not to be logged


Hi there,

I have read the manual but did not come across the solution. I'd like to 
create a list (certain rule ?) of IP addresses that I would not like to 
have logged each time. I get a lot of noise in my log results by proxy 
protectors, myself etc, so I want to get rid of these logs. Is there a 
way to do this ?

Regards,
Jeroen Diederen



-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list