mike Hughes said:
> What's up!
>
> I have Bind9 and the snort 1.9.1 running on my Linux 7.3 machine. But
> "/var/log/snort/206.204.10.200"
> "/var/log/snort/206.204.10.200/ICMP_ECHO"
> // Queries. Duh.
> category queries { named_info; };

Change from named_info; to null;

This is my log config for BIND 8 (seems similar to BIND9):

logging {
    channel chroot_default {
        file "log/named.log" versions 3 size 10m;
        print-time yes;
        print-category yes;
        severity info;
    };
    channel chroot_debug {
        file "log/debug.log" versions 3 size 10m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    channel syslog_server {
        syslog daemon;
        print-category yes;
        severity info;
    };
    category default { syslog_server; };
    category panic { syslog_server; };
    category packet { chroot_debug; };
    category lame-servers { null; };
    category queries { null; };
    category statistics { syslog_server; };
    category config { syslog_server; };
    category parser { syslog_server; };
    category ncache { syslog_server; };
    category xfer-in { syslog_server; };
    category xfer-out { syslog_server; };
    category db { syslog_server; };
    category eventlib { chroot_default; };
    category notify { syslog_server; };
    category cname { syslog_server; };
    category security { syslog_server; };
    category os { syslog_server; };
    category insist { syslog_server; };
    category maintenance { syslog_server; };
    category load { syslog_server; };
    category response-checks { syslog_server; };
};

I run my BIND with /usr/sbin/named -u named -g named -t /etc/bind (on Debian systems).

Be sure to restart BIND after changing the config.

As for snort, you must tune it. See the snort docs on how to do this. I use PureSecure (www.demarc.com) for my snort, works extremely well.

nate
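Added example (not part of the message above and not BIND's own tooling): a small Python check that reads a logging stanza like the one posted, maps each category to its channels, and reports categories sent only to null and channels that are referenced but never declared. The function name audit_logging, the must_log default (security, xfer-out) and the sample stanza are assumptions constructed for illustration.

```python
import re

# Channels named predefines; any other channel must be declared in the stanza.
BUILTIN_CHANNELS = {"null", "default_syslog", "default_debug", "default_stderr"}

# The lookbehind keeps "print-category yes;" from being read as a category clause.
CHANNEL_RE = re.compile(r"(?<![\w-])channel\s+([\w-]+)\s*\{")
CATEGORY_RE = re.compile(r"(?<![\w-])category\s+([\w-]+)\s*\{([^}]*)\}")
COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)


def audit_logging(conf_text, must_log=("security", "xfer-out")):
    """Return category routing plus findings for a named.conf logging stanza."""
    text = COMMENT_RE.sub("", conf_text)
    declared = set(CHANNEL_RE.findall(text)) | BUILTIN_CHANNELS
    routes = {}
    for name, body in CATEGORY_RE.findall(text):
        routes[name] = [c.strip() for c in body.split(";") if c.strip()]
    # Categories whose every channel is null produce no log output at all.
    discarded = sorted(c for c, chans in routes.items()
                       if chans and all(ch == "null" for ch in chans))
    # Channels used by a category but neither declared nor built in.
    undefined = sorted({ch for chans in routes.values() for ch in chans} - declared)
    # Categories an operator wants kept (assumed list) that are being dropped.
    silenced = sorted(c for c in must_log if c in discarded)
    return {"routes": routes, "discarded": discarded,
            "undefined": undefined, "silenced": silenced}


# Constructed sample, shortened from the configuration in the message.
SAMPLE = """
logging {
    channel syslog_server { syslog daemon; print-category yes; severity info; };
    channel chroot_debug { file "log/debug.log" versions 3 size 10m; severity dynamic; };
    category default { syslog_server; };
    category packet { chroot_debug; };
    category lame-servers { null; };
    // Queries. Duh.
    category queries { null; };
    category security { syslog_server; };
    category xfer-out { named_info; };   # channel never declared
};
"""

if __name__ == "__main__":
    report = audit_logging(SAMPLE)
    for key in ("discarded", "undefined", "silenced"):
        print(key, report[key])
```

Sending queries to null cuts log volume; the silenced list only flags the case where a category an operator wants to keep is dropped along with it.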