[Snort-users] Snort Logging Question
jhall at ...11198...
Fri Feb 12 16:58:44 EST 2010
This is the first time I have set up Snort, and I am at a complete
loss. I am running Snort on the bridge between my company and our
parent organization. They have a habit of scanning networks without
warning and I would like to know when this happens.

I have created the local.rules file with a couple of rules. Snort
starts without any problems.

Unfortunately, all the traffic on the bridge is logged. I would like
to only have the traffic which triggers one of the rules in
local.rules be logged.

I have commented all of the includes, except local.rules, in snort.conf.

Any suggestions would be greatly appreciated.

Thanks for your help.