[Snort-users] Snort logging way too much
ochronus at ...11210...
Sun Feb 15 23:06:03 EST 2004
Thank you, this worked!
When you say logs packets/flows aimed to another machine I assume you
are talking about getting alerts for packets not originating or destined
for your machine.
There are many rules that do not use HOME_NET and EXTERNAL_NET and it
could be that you are noticing these events fire.
If you want to prevent snort from analyzing any traffic not originating
or destined for your machine use a bpf:

    snort -i eth0 -p -c snort.conf host 10.1.2.3

This could miss attacks that use a broadcast medium but I think your
risk there is fairly low since it is not a win* machine.
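
Added example, not part of the original thread: one way to list the rules the reply refers to, meaning those with no $HOME_NET in either address field, which can therefore alert on traffic between other hosts. The function name, the home_vars parameter and the sample rules (with SIDs in the local range) are constructed for illustration.

```python
import re

# Rule header: action proto src_addr src_port direction dst_addr dst_port (options)
RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+\S+\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+\S+\s*\((?P<opts>.*)\)\s*$"
)

def _scoped(addr, home_vars):
    """True if an address field is restricted to one of the home variables."""
    if addr.startswith("!"):  # negated: matches everything except the home net
        return False
    return any(v in addr for v in home_vars)

def unscoped_rules(rules_text, home_vars=("$HOME_NET",)):
    """Return (sid, src, dst, msg) for rules with no home-scoped address field."""
    joined = re.sub(r"\\\s*\n", " ", rules_text)  # fold backslash continuations
    hits = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        m = RULE_RE.match(line)
        if not m:
            continue  # var/include/preprocessor lines are not rules
        if _scoped(m["src"], home_vars) or _scoped(m["dst"], home_vars):
            continue
        sid = re.search(r"\bsid\s*:\s*(\d+)", m["opts"])
        msg = re.search(r'\bmsg\s*:\s*"([^"]*)"', m["opts"])
        hits.append((int(sid.group(1)) if sid else None, m["src"], m["dst"],
                     msg.group(1) if msg else ""))
    return hits

# Constructed sample rules, not taken from any distributed rule set.
SAMPLE = r'''
# local test rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH inbound"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ICMP seen"; itype:8; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> any 80 \
    (msg:"HTTP probe"; flags:S; sid:1000003; rev:1;)
alert udp !$HOME_NET any -> [10.1.2.3,$HOME_NET] 53 (msg:"DNS inbound"; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    for sid, src, dst, msg in unscoped_rules(SAMPLE):
        print(f"sid {sid}: {src} -> {dst}  ({msg})")
```

Rules it reports can then be rewritten to use $HOME_NET, or their traffic excluded with the BPF filter shown above.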