[Snort-users] Don't log events from local interface

Joel Esler joel.esler at ...1935...
Mon Oct 8 11:43:09 EDT 2007


There are a number of ways to do what you are asking.  Basically, you want to ignore events coming from a single host.

The most efficient way to do this from Snort's perspective is a BPF.

Joel


On Mon, Oct 08, 2007 at 02:46:29PM +0000, it looks like co street sent me:
>    Hi all,
> 
>    I've got a basic question:
> 
>    - On my PC, I've got 2 interfaces in bridge mode,
> 
>    - I've got a Nessus to scan my local network,
> 
>    - Snort is in IDS mode.
> 
>    When Nessus scans my local network, Snort detects these potential attacks...
> 
>    But, I want to disable these alarms when my PC scans my local network.
> 
>    Do you have an idea how to do that? Or a link?
> 
>    Many Thanks,
> 
>    Mik
>    PS: sorry for my bad English...
> 

-----
joel esler 
http://demo.sourcefire.com/jesler.pgp.key
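
The BPF approach named in the reply, as an added example that is not part of the original thread: the function below builds a filter that excludes the scanner's address, which Snort 2.x accepts from a file via `-F` or as a trailing command-line expression. The 192.0.2.x addresses, file paths and interface name are constructed placeholders; the filter is applied before Snort inspects packets, so nothing to or from the excluded hosts is seen at all.

```shell
#!/bin/sh
# Added example: build a BPF expression that keeps scanner traffic away from Snort.
# All addresses, paths and the interface name are constructed placeholders.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255,
# so nothing but a literal address can end up inside the filter.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "not (host A or host B ...)" for the given scanner addresses.
# "host" matches source and destination, so replies to the scanner are
# excluded as well. Returns non-zero and prints no filter on bad input.
build_bpf() {
    [ "$#" -ge 1 ] || { echo "usage: build_bpf IP [IP...]" >&2; return 2; }
    hosts=""
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
        hosts="${hosts:+$hosts or }host $ip"
    done
    printf 'not (%s)\n' "$hosts"
}

# Demo with two constructed scanner addresses.
build_bpf 192.0.2.10 192.0.2.11

# Using the result with Snort 2.x:
#   build_bpf 192.0.2.10 > /etc/snort/scanner.bpf
#   snort -c /etc/snort/snort.conf -i eth0 -F /etc/snort/scanner.bpf
# or as the trailing argument on the command line:
#   snort -c /etc/snort/snort.conf -i eth0 'not (host 192.0.2.10)'
```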