[Snort-users] Snort logging way too much

Ochronus ochronus at ...11210...
Fri Feb 13 16:29:03 EST 2004


I have a hosted server with a fix IP address. I set $HOME_NET to this address, tried turning on and off promiscuous mode, still snort logs many packets sent to foreing machines, even to ones hosted trivially at other subnets.

Given the above layout (single server, no LAN attached, fix ip), could you give me some hints on configuring the pig for rule-based logging the packets sent only TO MY machine?

Thanks in advance,

More information about the Snort-users mailing list