On Fri, 20 Sep 2002, Vandenbore Sebastiaan wrote:
> I have snort running on my system, but it logs some stuff that I don't need. > Can I set it up in any way that it doesn't log the connections from my > computer to the proxies I'm using ( 213.224.83.x ) ? > > I'm a newcomer to Snort myself, so the following may be partially or totally incorrect, but you might like to try it: in the /etc/snort.conf file (check the location of that file!), there should be an item that looks like: $MY_NET=any This Snort variable tells Snort which networks are internal. So, for example, if you want to tell Snort that all of the 213.224.83.x network is an internal network, you put this in snort.conf: $MY_NET=213.224.83.0/24 You can also include other networks in your definition, e.g.: $MY_NET=[213.224.83.0/24,192.168.0.0/24] Now many of the Snort rules use the $EXTERNAL_NET and $MY_NET variables to determine whether there is a potential attack, so if Snort knows which networks are internal then it won't report traffic from those networks as an attack. You _might_ also need to change the $EXTERNAL_NET variable to _exclude_ the networks you have defined for $MY_NET, e.g.: $EXTERNAL_NET=![213.224.83.0/24,192.168.0.0/24] Like I said, this is all I can tell you with my limited experience. If anyone out there knows better, please let us both know! Regards Chris Slater-Walker
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com