From: Whaley, Mike (mwhaleyrightnow.com)
Date: Fri May 03 2002 - 11:10:07 CDT

    Here's the scenario...

    When accessing the acid web pages from a remote machine, snort picks up on
    the viewing of events and logs the event in the database. The IP logged is
    the snort sensor.

    Specific Scenario...

    Say there are 10 events for the classification kicka$$-porn. I go and view
    those events with the acid interface from a remote machine. Then snort
    picks up on the word "porn" and logs another 20 or so events in the
    database. Now, instead of having 10 events for porn I now have 30 events
    with two-thirds of them originating from the sensor.

    Is there a way to tell snort NOT to log events that originate from my
    sensor? Is this a good idea or will I cause myself problems in the future?
    I imagine this is happening with other events too that I am viewing. Is
    this correct? Thank you very much for your help.

    Mike Whaley
