[Snort-users] Snort logging way too much

Ochronus ochronus at ...11210...
Sun Feb 15 23:06:03 EST 2004


Thank you, this worked!


Regards,
Ochronus





------------------------
When you say logs packets/flows aimed to another machine I assume you 
are talking about getting alerts for packets not originating or destined 
for your machine.

There are many rules that do not use HOME_NET and EXTERNAL_NET and it 
could be that you are noticing these events fire.

If you want to prevent snort from analyzing any traffic not originating 
or destined for your machine, use a bpf:

snort -i eth0 -p -c snort.conf host 10.1.2.3

This could miss attacks that use a broadcast medium but I think your 
risk there is fairly low since it is not a win* machine.
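
Added example (not part of the original thread): a small Python check for the point made above, that rules written without $HOME_NET or $EXTERNAL_NET fire on any traffic Snort sees. The rule lines and SIDs are constructed samples and the function name unscoped_rules is hypothetical; it handles single-line rules only and treats derived variables such as $HTTP_SERVERS as unscoped.

```python
import re

# Snort rule header: action proto src_addr src_port direction dst_addr dst_port (options)
HEADER = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
SCOPED = ("$HOME_NET", "$EXTERNAL_NET")


def unscoped_rules(rules_text):
    """Return (sid, src, dst) for active rules whose header uses neither variable."""
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out rules
        m = HEADER.match(line)
        if not m:
            continue  # not a single-line rule (e.g. a var or include statement)
        src, dst = m.group("src"), m.group("dst")
        if any(v in src or v in dst for v in SCOPED):
            continue  # header is tied to the configured networks
        sid = SID.search(m.group("opts"))
        hits.append((int(sid.group(1)) if sid else None, src, dst))
    return hits


# Constructed sample rules (not taken from any shipped rule set).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed: scoped web rule"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"constructed: unscoped icmp rule"; sid:1000002; rev:1;)
# alert udp any any -> any 53 (msg:"constructed: disabled rule"; sid:1000003; rev:1;)
alert tcp !$HOME_NET any -> $HOME_NET 22 (msg:"constructed: negated variable"; sid:1000004; rev:1;)
alert udp any any <> 10.1.2.3 161 (msg:"constructed: literal address"; sid:1000005; rev:1;)
'''

if __name__ == "__main__":
    for sid, src, dst in unscoped_rules(SAMPLE_RULES):
        print(f"sid {sid}: {src} -> {dst} matches regardless of HOME_NET/EXTERNAL_NET")
```

Rules reported here are the ones a BPF such as the host filter above still limits, because the filter is applied before any rule is evaluated.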





