Snort: Are Blocked IP addressed logged after they are released again
-
Snort releases the IP addresses of blocked hosts after 60 minutes. Once they are released I cannot see there IP addresses using the webGUI. Can I find them in a logfile or whatsoever?
-
Snort releases the IP addresses of blocked hosts after 60 minutes. Once they are released I cannot see there IP addresses using the webGUI. Can I find them in a logfile or whatsoever?
The Ips are logged in the alerts tab.
Moreove, you can go to the advanced tab and send alerts to the system log.
James
-
Hmmm, I've looked at the advanced tab, but what do I need to fill in there to send the alerts to the system log?
-
Hmmm, I've looked at the advanced tab, but what do I need to fill in there to send the alerts to the system log?
Goto Advanced tab -> and check the Send alerts to main System logs -> Click save and restart snort.
-
jamesdean I turned out that I didn't have the latest version of snort installed
Thnx!