|
-
September 6th, 2006, 01:32 PM
#1
snort logging
Is there a way to log certain signatures/alerts to a specific log file or database using one instance of snort or one config?
Example:
I want to log all SPYWARE-DNS DNS lookup (part of the blackhole dns project) to a file and exclude them from being logged to my main alert database.
These rules are located @ http://www.bleedingsnort.com/blackho...ware-dns.rules
I'm currently running instance of snort with three rulesets.
The official set http://www.snort.org/
The community set http://www.snort.org/
Bleeding Snort set http://www.bleedingsnort.com/
In addition, I just want the blackhole dns just to see if/when any boxes look up spyware domains.
I have this running, but I'd like it in either a separate database or log.
I'm thinking that I should just create a new config and run a separate instance of snort?
Will that cause problems running two instances of snort on one interface?
Or, should I install yet another NIC just for that config?
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote