Snort issues
-
two quick questions;
when snort blocks someone what file does it write the ip in? i looked in /usr/local/etc/snort but couldnt find where it lists the host ip…
also,
on the block page it says: "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every hour." however on the front settings page theres an option that says: "Remove blocked hosts every" ... which one is true then? if i set the option for 12 hours will it remain blocked for 12 hours? what about the text on the blocked page above?
-
The text changes with the setting.
-
two quick questions;
when snort blocks someone what file does it write the ip in? i looked in /usr/local/etc/snort but couldnt find where it lists the host ip…
also,
on the block page it says: "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every hour." however on the front settings page theres an option that says: "Remove blocked hosts every" ... which one is true then? if i set the option for 12 hours will it remain blocked for 12 hours? what about the text on the blocked page above?
Snort does not write blocked ips to file.
Snort adds blocked ips to pf table.James