[Snort-users] Passing IP Addresses best practices

Erek Adams erek at ...950...
Wed Sep 24 08:14:21 EDT 2003


On Tue, 23 Sep 2003, Richard Brackett wrote:

> So what's your opinion on Snort management interfaces? Is there such an
> animal out there that I can leave Snort untouched as far as rules go and
> then filter out the events I don't want after they've reached a
> management interface?

Untouched == bad idea.

Tune your rules; that's the best thing.  Use whatever interface you want,
just as long as it works for you.  Once you make rule changes, use
something like Oinkmaster to do your rule updates and you should be fine.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



