[Snort-users] Viewing ACID set's off P..O..R..N rules ...

Jason Whitson jason at ...9559...
Mon Jul 21 14:13:19 EDT 2003


So ...

/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf not \ 172.16.1.172:80
?

Because that didn't work. Do I surround my IP in ( ) ... ?


- Jason


----- Original Message -----
From: "Scott Renna" <srenna at ...9588...>
To: "'Jason Whitson'" <jason at ...9559...>;
<snort-users at lists.sourceforge.net>
Sent: Monday, July 21, 2003 3:32 PM
Subject: RE: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


> Try this from 7/8:
>
> Bryan Irvine <bryan.irvine at ...9066...> writes:
>
> > Is there a way to get snort to skip over ip's?  I keep tripping the
> > porno alerts whenever I view someone else's porno log in acid.  I'd
> > like for it to not log my ip.
>
> The easiest way is to do a bpf filter on the snort command line
>
> snort <args> not \( host <ip> and port 80 \)
> --
> Chris Green <cmg at ...1935...>
> I've had a perfectly wonderful evening. But this wasn't it.
>      -- Groucho Marx
>
>
>
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
>
> ***************************
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason
> Whitson
> Sent: Monday, July 21, 2003 4:24 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Viewing ACID set's off P..O..R..N rules ...
>
>
> Well today I decided to turn on the P..O..R..N ruleset to see if anyone
> here wasn't working on ... work.
>
> Much to my surprise, ACID "blew up" with Rule violations. This is great
> and all but when I view the rule violations in the ACID console and
> refresh to see the latest, all the rules that were listed get relisted
> because I was viewing them!
>
> Is there a way to exclude the machine I use to view the ACID console
> from the rules? I would hate to have to explain the rule violations from
> my workstation. Even though the source IP is the box running snort ...
>
> - Jason
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
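The BPF exclusion suggested in the thread, written out as an added example (not code from any poster in the thread). 172.16.1.172 is the workstation address from the message above; 192.0.2.10 is a constructed placeholder for the ACID web server, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the BPF exclusion for the ACID viewing workstation.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only if $1 is a port number in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Broad form from the thread: ignore all port-$2 traffic to or from host $1.
# Snort then inspects no traffic on that port for the workstation at all.
bpf_exclude_host_port() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'not (host %s and port %s)\n' "$1" "$2"
}

# Narrower form: ignore only the viewer <-> ACID server web session, so the
# workstation's other port-$3 traffic is still inspected.
bpf_exclude_session() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || return 1
    printf 'not (host %s and host %s and tcp port %s)\n' "$1" "$2" "$3"
}

# The filter goes last, as ONE single-quoted argument, so the shell does not
# interpret the parentheses (the thread's \( \) escaping is equivalent).
# "host" and "port" are BPF keywords; "ip:port" is not valid BPF syntax.
FILTER=$(bpf_exclude_host_port 172.16.1.172 80)
echo "/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf '$FILTER'"
```

The script only prints the command line; it does not start snort.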




