IDS mailing list archives

RE: Snort test logs available?


From: "Chris Petersen" <chris () security-conscious com>
Date: Sun, 27 Apr 2003 10:06:42 -0400

You can also find network data containing attacks at
http://www.ll.mit.edu/IST/ideval/data/data_index.html.  This was a
project done by MIT/DARPA.  There are weeks' worth of data from 98/99
generated in a "real-world" setting.  These are also tcpdump files.  

Whether you use these or the ones from SANS, you will want to run snort
in replay mode using the -r switch.  This will run Snort against the
TCPDump file and generate Snort alerts/logs.

snort -c /etc/snort/snort.conf -r /data/mit_data/wk1day1_tcpdump

Good luck.

Chris Petersen
Security Conscious, Inc.
www.security-conscious.com

-----Original Message-----
From: Bill Royds [mailto:Bill () royds net] 
Sent: Saturday, April 26, 2003 2:12 PM
To: Shwaine; focus-ids () securityfocus com
Subject: Re: Snort test logs available?


SANS has a repository of Snort logs for use in the GCIA 
intrusion detection certification at http://www.incidents.org/logs/Raw

These are tcpdump format files from a Snort installation. They 
only reflect packets that triggered the alerts.



----- Original Message ----- 
From: "Shwaine" <shwaine () shwaine com>
To: <focus-ids () securityfocus com>
Sent: Friday, April 25, 2003 5:28 AM
Subject: Snort test logs available?


: Hi all,
:
: I am currently involved in a research project as part of my thesis
: research that uses Snort log data. Right now, we are trying to make
: sure our tools work well on a wide variety of Snort logging formats
: and versions. To this end, I was wondering if there are any public
: repositories of Snort logs which we could use to test our tools.
:
: Melissa Danforth
: UC Davis Seclab
:
:
:
: 
------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
 
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - 
including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. 
 
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids
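
The replay step described in the reply above, extended to a batch of capture files, as an added example that is not part of the original thread. It checks each file for a libpcap magic number before handing it to Snort with -r, and gives every capture its own log directory with Snort's -l option. The function names, the SNORT and SNORT_CONF variables and the output layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: batch-replay tcpdump captures through Snort.
# SNORT, SNORT_CONF and the OUTDIR/<capture>/ layout are assumptions.

SNORT="${SNORT:-snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Return 0 if the file starts with a libpcap magic number (either byte order).
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;
        *) return 1 ;;
    esac
}

# replay_all OUTDIR FILE...: run Snort in replay mode (-r) on each capture,
# logging to OUTDIR/<capture name>/ (-l). Prints how many were replayed.
replay_all() {
    outdir=$1; shift
    count=0
    for cap in "$@"; do
        if ! is_pcap "$cap"; then
            echo "skip (not a tcpdump file): $cap" >&2
            continue
        fi
        logdir="$outdir/$(basename "$cap")"
        mkdir -p "$logdir" || return 1
        # Keep Snort's console output next to the alerts for later review.
        if "$SNORT" -c "$SNORT_CONF" -r "$cap" -l "$logdir" \
                >"$logdir/snort.out" 2>&1; then
            count=$((count + 1))
        else
            echo "snort failed on $cap, see $logdir/snort.out" >&2
        fi
    done
    echo "$count"
}

# Usage: sh replay.sh OUTDIR FILE...
if [ "$#" -ge 2 ]; then
    replay_all "$@"
fi
```

Keeping one log directory per capture stops alerts from different days of data from being mixed in a single alert file.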