Snort mailing list archives
Re: alert
From: "snortlst snortlst" <snortlst () hotmail com>
Date: Tue, 16 Oct 2001 15:52:56 -0500
You see, I'm trying to be a good boy and look into FAQ before asking stupid questions, I looked into FAQ and they didn't tell for example that all alerts are put into the alert file. It's just my guess and I'm sure if it's right or wrong.Snort pdf also misses a lot of 'newbie' things.So I think it's a legitimate question to ask..... And that's strange attitude, like 'Hey, go back and check documentation' (which actually misses some things) Thanks anyway. eliyah lovkoff ccse,ccna,cca,cne4,5, lpic-1,mcse (just trying to say I'm not a complete idiot) ----- Original Message ----- From: "Chris Green" <cmg () uab edu> To: "snortlst snortlst" <snortlst () hotmail com> Cc: <snort-users () lists sourceforge net> Sent: Tuesday, October 16, 2001 2:20 PM Subject: Re: [Snort-users] alert
"snortlst snortlst" <snortlst () hotmail com> writes:Snorts log everything in /var/log/snort I see there alert file and directopries with ip addresses naming
convention.
(NDIS mode) Is that correct to say that ALL alerts are put into alert file and I shouldn't browse all those directories? What those directories (ip addresses) are for?Decoded packet dumps. Will add this to the documentation. -- Chris Green <cmg () uab edu> This is my signature. There are many like it but this one is mine. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users