Get a copy of NMAP and start scanning devices on your network to see if the
Snort box catches it. If not, you'll need to go over your config settings
with a fine-tooth comb. You'll usually find that a type in the network
address or something is easy to do.
The DNS variable is for you to put
I have snort running on my system, but it logs some stuff that I don't need.
Can I set it up in any way that it doesn't log the connections from my
computer to the proxies I'm using ( 213.224.83.x ) ?
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
On Fri, 20 Sep 2002, Vandenbore Sebastiaan wrote:
I have snort running on my system, but it logs some stuff that I don't need.
Can I set it up in any way that it doesn't log the connections from my
computer to the proxies I'm using ( 213.224.83.x ) ?
I'm a newcomer to Snort myself, so the
Chris,
Your advice is largely accurate, but an easier way to set the $EXTERNAL_NET
variable would be to set it equal to !$MY_NET. Keeps the code a little
neater.
You definately want to set $EXTERNAL_Net to be equal to !$MY_NET to resuce
false positives internally.
On Friday 20 September