[Snort-users] Specific Host Filter
frank at ...9761...
Fri May 14 08:56:01 EDT 2004
On Fri, 2004-05-14 at 10:15, Todd.Lambdin wrote:
> Is there an easy way to implement a filter so that I can watch traffic
> between the sensor host and 1 other system only? I do not want to
> capture all traffic to the sensor, only traffic from 1 specific host.
Is that not in the FAQ? Limit traffic using the BPF filter. For example:
snort -c snort.conf -l /var/log host 220.127.116.11
That will only log/alert on packets from/to host 18.104.22.168.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users