[Snort-users] Passing IP Addresses best practices
erek at ...950...
Wed Sep 24 08:14:21 EDT 2003
On Tue, 23 Sep 2003, Richard Brackett wrote:
> So what's your opinion on Snort management interfaces? Is there such an
> animal out there that I can leave Snort untouched as far as rules go and
> then filter out the events I don't want after they've reached a
> management interface?
Untouched == bad idea.
Tune your rules, that's the best thing. Use whatever interface you want,
just as long as it works for you. Once you make rule changes use
something like Oinkmaster to do your rule updates and you should be fine.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users