[Snort-users] Snort Logging Question

Jay Hall jhall at ...11198...
Fri Feb 12 17:14:58 EST 2010


On Feb 12, 2010, at 4:02 PM, Joel Esler wrote:

> Can you give us an example of what is logged that you don't want  
> logged?  That way we can help you in turning it off.
>
> J
>

Here is an example of what is logged.

[**] [116:58:1] (snort_decoder): Experimental Tcp Options found [**]
[Priority: 3]
02/12-15:50:24.602618 0:11:92:FA:93:80 -> 0:B0:D0:D1:F3:AF type:0x800 len:0x4A
172.16.8.11:3733 -> 10.129.10.41:389 TCP TTL:124 TOS:0x0 ID:54890 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1BF88BDC  Ack: 0x0  Win: 0xFAF0  TcpLen: 40
TCP Options (7) => MSS: 1460 NOP NOP SackOK Opt 76 (8): 0101 AC10 080C 0005  NOP EOL

I am starting Snort using the following:

./snort -c /usr/local/snort/etc/snort/snort.conf -de -N -l /var/log/snort -d

Thanks for your help.


Jay