[Snort-users] Logs

Helder Miguel Rodrigues crash at ...9650...
Tue Jul 15 11:29:26 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I cant change all rules to have the result that i want!
Thanks a lot anyway!

Anyone have another tips?

Cheers

Josué Souza wrote:

| I'm a newbie on snort but maybe you should take a look at the flow 
rule option. It seems that this is used to apply rules to only one 
direction of the traffic. It's in section 2.3.35 of Snort Users Manual.
|  
| Best regards,
|  
| Josué José Souza Júnior
|  
| Nexos Information Security
| josue at ...9619... <mailto:josue at ...9619...>
| +55 71 2106-9125
| Salvador - Bahia - Brasil
|
| >>> Helder Miguel Rodrigues <crash at ...9650...> 07/15/03 01:19 >>>

| Hello I have my workstation running snort with no probs.
| My workstation is directly connected to the internet via eth0!
|
| so I have in my config file:
| var HOME_NET $eth0_ADDRESS
| var EXTERNAL_NET !$HOME_NET
|
| But in acid it appears  ATTACK RESPONSES 403 and my CHAT MSN messages,
| how can I prevent to log this things?
|
| I just want to log what came from the internet, not what goes to the
| internet.
|
| Thanks a lot
|

- -------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQE/FEfHXuDuuXe+pHkRArAWAKCE4TaGsd9TdMibNanrzFfaSkeu4QCfTqyq
/UX6kAKK+C5pLjCYI+G2C4E=
=CQp5
-----END PGP SIGNATURE-----






More information about the Snort-users mailing list