[Snort-users] Logs

Josué Souza Josue at ...9619...
Tue Jul 15 10:48:29 EDT 2003


I'm a newbie on snort but maybe you should take a look at the flow rule option. It seems that this is used to apply rules to only one direction of the traffic. It's in section 2.3.35 of Snort Users Manual.

Best regards,

Josué José Souza Júnior

Nexos Information Security
josue at ...9619...
+55 71 2106-9125
Salvador - Bahia - Brasil

>>> Helder Miguel Rodrigues <crash at ...9650...> 07/15/03 01:19 >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello I have my workstation running snort with no probs.
My workstation is directly connected to the internet via eth0!

so I have in my config file:
var HOME_NET $eth0_ADDRESS
var EXTERNAL_NET !$HOME_NET

But in acid it appears  ATTACK RESPONSES 403 and my CHAT MSN messages, 
how can I prevent to log this things?

I just want to log what came from the internet, not what goes to the 
internet.

Thanks a lot

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/FCmuXuDuuXe+pHkRAvS2AKCF/nMjoNfOPcT5Zne9AgJTz3rVegCgnVm2
jqdZRBrC8edooLSgQD6mqws=
=O4Wx
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030715/b66f7f17/attachment.htm>


More information about the Snort-users mailing list