[Snort-users] Specific Host Filter

Frank Knobbe frank at ...9761...
Fri May 14 08:56:01 EDT 2004


On Fri, 2004-05-14 at 10:15, Todd.Lambdin wrote:
> Is there an easy way to implement a filter so that I can watch traffic
> between the sensor host and 1 other system only?  I do not want to
> capture all traffic to the sensor, only traffic from 1 specific host. 

Is that not in the FAQ? Limit traffic using the BPF filter. For example:
  snort -c snort.conf -l /var/log host 1.2.3.4
That will only log/alert on packets from/to host 1.2.3.4.

Regards,
Frank
