[Snort-users] Don't log events from local interface

co street co2street at ...125...
Mon Oct 8 12:21:01 EDT 2007


Joel,

Many thanks for this solution (BPF)! And... It's works ! :)

Best Regards,

Mik



> There are a number of ways to do what you are asking.  Basically, you want to ignore events coming from a single host.
> 
> The most efficent way to do this from Snort's perspective is a BPF.
> 
> Joel
> 
> 
> On Mon, Oct 08, 2007 at 02:46:29PM +0000, it looks like co street sent me:
> >    Hi all,
> > 
> >    I've got a basic question:
> > 
> >     - On my PC, I've got 2 interfaces in bridge mode,
> > 
> >    - I've got a Nessus to scan my local network,
> > 
> >    - Snort is in IDS mode.
> > 
> >    When Nessus scan my local network, Snort detect these potential attacks...
> > 
> >    But, I want to disable these alarms when my PC scan my local network.
> > 
> >    Do you have an idea do to do that? Or a link?
> > 
> >    Many Thanks,
> > 
> >    Mik
> >    PS: sorry for my bad english...
> > 
> >    --------------------------------------------------------------------------
> > 
> >    Besoin d'un e-mail ? Cr*ez gratuitement un compte Windows Live Hotmail, la
> >    bo*te e-mail enti*rement personnalisable ! [1]Windows Live Hotmail
> > 
> > References
> > 
> >    Visible links
> >    1. http://www.windowslive.fr/hotmail/default.asp
> 
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?  Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> 
> 
> 
> 
> -----
> joel esler 
> http://demo.sourcefire.com/jesler.pgp.key

_________________________________________________________________
Votez pour vos séries TV préférées et tentez de gagner un voyage à Hawaï !
http://messengerawards.divertissements.fr.msn.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20071008/2a1ce6d2/attachment.html>


More information about the Snort-users mailing list