These forums have been switched to read-only mode as of March 1, 2011. The content that already existed here will be retained for posterity. No new posts will be accepted here. For more information and for the address of the new forums, see this page: http://snort.org/community/groups
Forums Snort Advanced

source/destination address in a log file

Subscribe to source/destination address in a log file 1 post(s), 1 voice(s)

 
17 Mar, 2010 10:13 AM
Avatar bach 2 post(s)

Empty_starEmpty_starEmpty_starEmpty_starEmpty_star

I have SNORT configured to listen on the monitor port of CISCO switch, which is also directly connected to the internet provider.

The problem I have is that when I´m using BASE to check for the events all my source addresses are the same for the outgoing connections, basically the static IP address my provider gives me.

The same happens for incoming traffic, but there the destination address is always the same.

How can I configure SNORT to put internal-LAN IP addresses to the log instead of the gateway one ?

thanks
Forums Snort Advanced

©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. Terms of Use | Privacy Policy