[Snort-users] snort on a worksation (fc1) <-- router <-- cable-modem <-- internet

steph march smarchand291 at ...4554...
Tue May 11 13:53:09 EDT 2004


Hello dear mailing list users !

Question about snort and snort.conf

more precisely var HOME_NET:
I'm using 192.168.1.1 for the router,
.2 to .10 and .192 are internal WStation.

I would like to monitor for internet activity
and not the internal activity, but I'm having
trouble understanding how to do that with a router.
(and for sure, activity on the workstation with
snort, which is, let say, 192.168.1.3)

So it will look like this :
var HOME_NET [192.168.1.0/24]

but what happen if 192.168.1.1 is the router ?
and what about the workstation with snort (192.168.1.3) ?

My snort logs are awfully big :(

Thanks a million !





More information about the Snort-users mailing list