February 22nd, 2004, 07:07 PM
#1
Member
Snort Monitoring (one host vs. network)
ahh.. Snort is a great tool. Takes some time to learn and get comfortable with, but it's worth it.
Question for someone that knows more than I:
- Snort is logging events and alerts on more than just my WinXP box.. I have the $HOME_NET variable set to $(\Device\NPF_{my NIC interface name}_ADDRESS) in Snort.conf. I do this because I have a dynamic IP address (this is a laptop). Is there something else I must do to restrict alerts and events to my IP address only?
Also, has the spp_portscan.log file been deprecated and replaced by the flow-portscan preprocessor? I'd like to generate a portscan.log file for use with ACID, but the general portscan processor isn't in the conf file (perhaps I can just place it there?)
Mucho Thankso,
l00p