[Snort-users] Viewing ACID set's off P..O..R..N rules ...

Scott Renna srenna at ...9588...
Mon Jul 21 13:33:18 EDT 2003

Try this from 7/8:

Bryan Irvine <bryan.irvine at ...9066...> writes:

> Is there a way to get snort to skip over ip's?  I keep tripping the 
> porno alerts whenever I view someone elses porno log in acid.  I'd 
> like for it to not log my ip.

The easiest way is to do a bpf filter on the snort command line

snort <args> not \( host <ip> and port 80 \)
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

Scott Renna
Head Systems Administrator
Dynamic Animation Systems


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason
Sent: Monday, July 21, 2003 4:24 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Viewing ACID set's off P..O..R..N rules ...

Well today I decided to turn on the P..O..R..N ruleset to see if anyone
here wan't working on ... work.

Much to my surprise, ACID "blew up" with Rule violations. This is great
and all but when I view the rule violations in the ACID console and
refresh to see the latest, all the rules that were listed get relisted
because I was viewing them!

Is there a way to exclude the machine I use to view the ACID console
from the rules? I would hate to have to explain the rule violationsfrom
my workstation. Even though the source IP is the box running snort ...

- Jason

This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list