[Snort-users] Sensor

Pavel Alexandrov root4root at ...11827...
Fri Sep 4 14:44:52 EDT 2015


Hi all!

Is it way to capture certain packets with snort? Some kind of "iptables
ULOG" or "pcap rule"?
My goal - reduce CPU utilization. Lets say I drop all packets on firewall,
but port 80. And I don't want to snort process packets which will be droped
on firewall anyway.

Thanks for advice

Paul.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150904/84381449/attachment.html>


More information about the Snort-users mailing list