[Snort-users] Snort Logging Question
jhall at ...11198...
Fri Feb 12 17:14:58 EST 2010
On Feb 12, 2010, at 4:02 PM, Joel Esler wrote:
> Can you give us an example of what is logged that you don't want
> logged? That way we can help you in turning it off.
Here is an example of what is logged.
[**] [116:58:1] (snort_decoder): Experimental Tcp Options found [**]
02/12-15:50:24.602618 0:11:92:FA:93:80 -> 0:B0:D0:D1:F3:AF type:0x800
172.16.8.11:3733 -> 10.129.10.41:389 TCP TTL:124 TOS:0x0 ID:54890 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1BF88BDC Ack: 0x0 Win: 0xFAF0 TcpLen: 40
TCP Options (7) => MSS: 1460 NOP NOP SackOK Opt 76 (8): 0101 AC10 080C 0005 NOP EOL
I am starting Snort using the following:
./snort -c /usr/local/snort/etc/snort/snort.conf -de -N -l /var/log/
Thanks for your help.