Snort mailing list archives
RE: New to snort
From: "Michael Steele" <michaels () silicondefense com>
Date: Sun, 3 Mar 2002 17:01:12 -0800
Jeff, I pointed Robert to the real answer. If sending Robert to our site was misleading, that was not my intention. By sending Robert to our site it gave him all the tools he needed to install a working and fictional IDS center for his Windows box, and the ability to read those confusing alerts. Robert is new to snort and the answer you gave him to his question most likely confused him with parts of your answer. Remember he is NEW to Snort. All the documentation for Snort was included in the original distribution. I'm almost positive Robert would have read that prior to asking for help, but maybe not. I'm giving Robert the shadow of a doubt and I think he did read it all. Robert is now here for support. With everything I read out of Robert's request I felt it imperative to send Robert to our site for a complete walk through for his question. I answer dozens of these types of questions each week, so I'm pretty intuitive when it comes to reading these types of requests.
Since I'm guessing Robert is looking for a real answer to this question rather than an advertisement from Silicon Defense, this might help:
While we monitor several of these lists, we do want to make sure people know that they do have a place to get commercial support for Snort when they need it. Silicon Defense is not here only to offer our superior commercial Snort support, or our high quality "Sentrus" IDS at the best price available on the market today, which is a perfect blend of the #1 most installed IDS in the world, Snort, with a world leader in the network server market, Sun, but we are here to genuinely help people, and I think we have proven that.

- Mike
Commercial Snort Support <<->> 1.866.41.SNORT
Silicon Defense -- www.silicondefense.com
Home of the new SENTRUS Snort sensor!
Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff Nathan
Sent: Saturday, March 02, 2002 8:14 PM
To: raa () lehighton org
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] New to snort

Since I'm guessing Robert is looking for a real answer to this question rather than an advertisement from Silicon Defense, this might help:

The files you're asking about are in pcap format. They can be read back in using the -r switch with snort by typing:

    snort -r snort-0215@2045.log | more

(if you omit the piping of the output to more, all the information in the log file will scroll by on your display)

Additionally, you can read these files with windump:
http://netgroup-serv.polito.it/windump/

or Ethereal for windows:
http://www.ethereal.com/distribution/win32

If you are new to looking at packets, Ethereal might be the best tool as it's graphical and quite descriptive.

And, as a new user to snort you might enjoy reading the snort user's manual:
http://www.snort.org/docs/writing_rules/
(there should have been a pdf version in your snort distribution)

and the snort FAQ:
http://www.snort.org/docs/faq.html

Thanks for using snort.

-Jeff

Michael Steele wrote:
- Mike
Commercial Snort Support <<->> 1.866.41.SNORT
Silicon Defense -- <www.silicondefense.com>
Home of the new SENTRUS Snort sensor!
Michael Steele - Snort Support Technician

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Saturday, March 02, 2002 12:58 PM
To: 'raa () lehighton org'
Subject: RE: [Snort-users] New to snort

Rob,

Go to www.silicondefense.com and you will get everything you need.

- Mike
Commercial Snort Support <<->> 1.866.41.SNORT
Silicon Defense -- <www.silicondefense.com>
Home of the new SENTRUS Snort sensor!
Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robert Ayers
Sent: Friday, March 01, 2002 8:21 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] New to snort

First let me start off by saying that I just started using SNORT. I'm using the latest release of Snort for Windows, version 1.83. I am getting what appear to be log files that I can't read. I am having a hard time finding a program that will read them. Can anyone tell me what switches that I should be using to eliminate this type of log file? The files are named like this; snort-0215@2045.log. Can someone point me in the right direction of the program that I could use to interpret them?

TIA
Rob

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- http://jeff.wwti.com (pgp key available) "Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein
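What "pcap format" in Jeff's reply means on disk, as an added example that is not part of the original thread: a small Python reader for the classic libpcap layout (a 24-byte file header, then 16-byte record headers each followed by the captured frame). The helper names `parse_pcap`, `summarize` and `build_sample`, and the one-packet sample capture, are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic number (microsecond timestamps)

def parse_pcap(data):
    """Return (linktype, [(timestamp, orig_len, frame), ...]) for a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    # The magic number reveals the byte order of the machine that wrote the file.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("bad magic: not a classic pcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            break  # truncated or corrupt record: stop instead of misparsing
        packets.append((sec + usec / 1e6, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def summarize(frame):
    """One-line summary of an Ethernet II / IPv4 frame (pcap linktype 1)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]  # IPv4 header length, protocol
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        return f"{'TCP' if proto == 6 else 'UDP'} {src}:{sport} -> {dst}:{dport}"
    return f"proto {proto} {src} -> {dst}"

def build_sample():
    """Constructed one-packet capture (documentation addresses, not real traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.53"))
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 1025, 53, 8, 0)
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 1014857100, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for ts, orig_len, frame in parse_pcap(build_sample())[1]:
        print(f"{ts:.6f} len={orig_len} {summarize(frame)}")
```

To inspect a real Snort binary log, pass the file's bytes (opened in `"rb"` mode) to `parse_pcap` in place of `build_sample()`.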
Current thread:
- New to snort Robert Ayers (Mar 01)
- <Possible follow-ups>
- RE: New to snort Tony Carothers (Mar 01)
- RE: New to snort Slighter, Tim (Mar 01)
- RE: New to snort Michael Steele (Mar 02)
- Re: New to snort Jeff Nathan (Mar 02)
- RE: New to snort Michael Steele (Mar 03)
- New to Snort Michael Whaley (Mar 29)
- RE: New to Snort McCammon, Keith (Mar 29)
- RE: New to Snort Andrew Blevins (Mar 29)