[Snort-users] Alerts with the incorrect Source IP (proxy server)

Jeremy Hoel jthoel at ...11827...
Wed Oct 24 14:42:10 EDT 2012


Check that out.. learned something new.  I don't have that value in my conf
either but that's something worth looking at.
On Oct 24, 2012 12:38 PM, "beenph" <beenph at ...11827...> wrote:

> On Wed, Oct 24, 2012 at 2:27 PM, Turnbough, Bradley E.
> <bturnbough at ...15650...> wrote:
> > Stupid question, but enable_xff doesn’t exist in my snort.conf.  Where does
> > it go?
> >
> > From: Joel Esler [mailto:jesler at ...1935...]
> > Sent: Wednesday, October 24, 2012 1:10 PM
> > To: Jeremy Hoel
> > Cc: Turnbough, Bradley E.; snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Alerts with the incorrect Source IP (proxy
> > server)
> >
> > If you have additional logging turned on, and your proxy supports it, (and
> > you have "enable_xff") turned on in the snort.conf we'll log the actual IP
> > in the additional data in the unified2 file.
> >
>
> Just to clarify something, barnyard2 will process (read) but will not
> log EXTRA_DATA events to the database.
>
> -elz
>
>

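Since the thread notes that the original client IP lands in unified2 extra data and that barnyard2 does not write EXTRA_DATA events to the database, here is one way to read those records straight from the unified2 file. This is an added example, not code from the thread or from the Snort or barnyard2 projects; the record layout follows Snort 2.9's Unified2_common.h, and the sample bytes are constructed.

```python
import io
import ipaddress
import struct

U2_EXTRA_DATA = 110           # UNIFIED2_EXTRA_DATA record type
XFF_IPV4, XFF_IPV6 = 1, 2     # EVENT_INFO_XFF_IPV4 / EVENT_INFO_XFF_IPV6
REC_HDR = struct.Struct(">II")      # record type, record length (network order)
EXTRA_HDR = struct.Struct(">II")    # event_type, event_length
# sensor_id, event_id, event_second, type, data_type, blob_length
EXTRA = struct.Struct(">IIIIII")


def xff_addresses(stream):
    """Yield (event_id, event_second, client_ip) for each XFF extra-data record."""
    while True:
        hdr = stream.read(REC_HDR.size)
        if len(hdr) < REC_HDR.size:
            return                  # end of file, or a header still being written
        rtype, rlen = REC_HDR.unpack(hdr)
        body = stream.read(rlen)
        if len(body) < rlen:
            return                  # truncated record: stop instead of misparsing
        if rtype != U2_EXTRA_DATA or rlen < EXTRA_HDR.size + EXTRA.size:
            continue                # alert/packet records are skipped here
        _, event_id, second, info, _, _ = EXTRA.unpack_from(body, EXTRA_HDR.size)
        data = body[EXTRA_HDR.size + EXTRA.size:]
        if len(data) != {XFF_IPV4: 4, XFF_IPV6: 16}.get(info):
            continue                # not an XFF record, or malformed address
        yield event_id, second, str(ipaddress.ip_address(data))


def _record(rtype, body):
    return REC_HDR.pack(rtype, len(body)) + body


def _extra(event_id, second, info, data):
    # blob_length counts the data plus the data_type and blob_length fields
    inner = EXTRA.pack(1, event_id, second, info, 1, len(data) + 8) + data
    return _record(U2_EXTRA_DATA, EXTRA_HDR.pack(4, EXTRA_HDR.size + len(inner)) + inner)


# Constructed sample: one alert record, two XFF records, one non-XFF extra record.
SAMPLE = (
    _record(7, b"\x00" * 52)
    + _extra(101, 1351100530, XFF_IPV4, bytes([203, 0, 113, 25]))
    + _extra(102, 1351100531, 9, b"/index.html")
    + _extra(103, 1351100532, XFF_IPV6, ipaddress.ip_address("2001:db8::7").packed)
)

if __name__ == "__main__":
    for row in xff_addresses(io.BytesIO(SAMPLE)):
        print(*row)
```

The event_id and event_second values are what tie each recovered address back to the alert record that carries the proxy's IP as its source.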
