Snort mailing list archives
Re: Unified logging
From: "Onie Camara" <neil () restricted dyndns org>
Date: Sun, 31 Mar 2002 14:47:58 -0600
Thanks. I'll try that.

Btw, I've read somewhere that unified logging is the way to go. And must be run alongside barnyard. Can you explain how the process works? I've got a feeling that the logging is realtime but the barnyard's pushing of data to the database is not. Am I correct?

Neil

----- Original Message -----
From: "Mike Macias" <mike.macias () caci-nsg com>
To: "Onie Camara" <neil () restricted dyndns org>; <snort-users () lists sourceforge net>
Sent: Sunday, March 31, 2002 1:05 PM
Subject: Re: [Snort-users] Unified logging

> tcpdump can read these types of files. Use the following syntax:
>
> tcpdump -r snort-0331@1224.log
>
> This tells tcpdump to read from a file instead of sniffing traffic off the wire.
>
> > Are there programs that can understand the file snort -b created? Or how can I fully utilize that file? Example is:
> >
> > bash# ls -l
> > total 3
> > -rw------- 1 root wheel 246 Mar 31 12:25 alert
> > -rw------- 1 root wheel 0 Mar 31 12:05 portscan.log
> > -rw------- 1 root wheel 476 Mar 31 12:25 snort-0331@1224.log <- this one
> > -rw------- 1 root wheel 24 Mar 31 12:29 snort-0331@1226.log
> >
> > Thanks.
> > Neil
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
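
Added example, not part of the original messages: a minimal reader for the tcpdump (classic libpcap) file layout that the `snort -b` logs discussed above are said to use, showing why a 24-byte log, the size of the second file in the listing, holds a header and no packets. The function name `parse_pcap` and the sample captures are constructed for illustration.

```python
import struct

# Magic number as stored on disk -> struct byte-order prefix.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len

def parse_pcap(data):
    """Parse a classic libpcap capture held in bytes.

    Returns (info, packets); packets is a list of
    (ts_sec, ts_usec, orig_len, captured_bytes) tuples.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("shorter than the 24-byte global header")
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("bad magic: not a classic pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    info = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        if off + incl_len > len(data):   # length field points past end of file
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return info, packets

# Constructed sample input (not taken from the files in the thread).
EMPTY_LOG = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
FRAME = bytes(range(60))                      # constructed 60-byte frame
ONE_PACKET_LOG = EMPTY_LOG + struct.pack("<IIII", 1017606300, 0, 60, 60) + FRAME

if __name__ == "__main__":
    for name, blob in (("empty", EMPTY_LOG), ("one packet", ONE_PACKET_LOG)):
        info, pkts = parse_pcap(blob)
        print(name, len(blob), "bytes,", len(pkts), "packet(s), linktype", info["linktype"])
```
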