[Snort-users] Snort Logging Question

Jay Hall jhall at ...11198...
Fri Feb 12 16:58:44 EST 2010


This is the first time I have set up Snort, and I am at a complete
loss.  I am running Snort on the bridge between my company and our  
parent organization.  They have a habit of scanning networks without  
warning and I would like to know when this happens.

I have created the local.rules file with a couple of rules.  Snort  
starts without any problems.

Unfortunately, all the traffic on the bridge is logged.  I would like  
to only have the traffic which triggers one of the rules in  
local.rules be logged.

I have commented all of the includes, except local.rules, in snort.conf.

Any suggestions would be greatly appreciated.

Thanks for your help.


Jay



