[Snort-users] configuring snort

jzorzi at ...13110... jzorzi at ...13110...
Tue Mar 1 08:18:26 EST 2005


I'm trying to set up snort log monitoring and real time alerts.
I've editted the standard snort.conf file.
I've modified the HOME_NET var to the appropriate sets of IP addresses and
left the EXTERNAL_NET to any
 
The thing is that it's logging the local machine in the alert logs.  I'm
guessing the EXTERNAL_NET var is causing this but i don't know what to set
it to.
 
Can anyone give me any insight.  An explanation on how snort uses these
variables would be great too.
 
Thanx in advance for your help
 

Jay Zorzi
Systems Administrator, Information Technology

MarketLink Solutions
see further. achieve more.

e - jzorzi at ...13110...
t - 416.260.2800 x299
f - 416.260.2893 

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050301/224efba1/attachment.html>


More information about the Snort-users mailing list