Snort mailing list archives

Re: No logging from localhost?


From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 3 May 2002 10:29:32 -0700 (PDT)

On Fri, 3 May 2002, Whaley, Mike wrote:

[...snip...]

> Say there are 10 events for the classification kicka$$-porn.  I go and view
> those events with the ACID interface from a remote machine.  Then snort
> picks up on the word "porn" and logs another 20 or so events in the
> database.  Now, instead of having 10 events for porn I now have 30 events
> with two-thirds of them originating from the sensor.
>
> Is there a way to tell snort NOT to log events that originate from my
> sensor?  Is this a good idea or will I cause myself problems in the future?
> I imagine this is happening with other events too that I am viewing.  Is
> this correct?  Thank you very much for your help.

Well, two things leap to mind.  1)  Change EXTERNAL_NET from 'any' to
!$HOME_NET and 2) bind your ACID webserver to the loopback and use SSH to
tunnel back to your side.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
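
The two changes suggested in the reply above, written out as configuration. This is an added example, not part of the original post. It assumes ACID is served by Apache on the sensor and that the sensor's address lies inside HOME_NET; the address range, user name, host name and local port 8080 are constructed placeholders.

```conf
# --- snort.conf on the sensor ---
# Constructed sample range; use the network that contains the sensor.
var HOME_NET 192.168.1.0/24

# Before: every source address, the sensor's own web server included,
# satisfies $EXTERNAL_NET, so ACID pages sent to a viewer can match rules.
# var EXTERNAL_NET any

# After: packets sourced inside HOME_NET no longer match $EXTERNAL_NET.
var EXTERNAL_NET !$HOME_NET

# --- httpd.conf on the sensor (assumes Apache serves ACID) ---
# Before: the web server answers on every interface, so alert pages
# cross the monitored network in clear text.
# Listen 80

# After: loopback only; nothing is reachable without a local connection.
Listen 127.0.0.1:80

# --- on the remote workstation ---
# Forward a local port to the sensor's loopback web server over SSH:
#   ssh -L 8080:127.0.0.1:80 analyst@sensor.example.net
# Then browse to http://127.0.0.1:8080/ and open ACID from there.
# The pages travel inside the encrypted SSH session, so their content
# is not visible to Snort's content matching.
```

With `!$HOME_NET`, rules whose source is `$EXTERNAL_NET` also stop matching traffic sent by any other host inside `HOME_NET`, so this setting reduces visibility into internal-to-internal traffic.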

