Snort mailing list archives
RE: Alert Method in Snort & SnortSnarf
From: "Potts, Ross A." <RPOTTS () NORTHROPGRUMMAN COM>
Date: Wed, 24 Apr 2002 04:43:05 -0700
I have Snort 1.8.6. It automatically generates an alert file (I'm running with no special flags or anything). Just run snortsnarf against the alert file and have a separate directory for it.

For my server, I run against the portscan log AND the alert file. My output is to /var/www/html/report/snort for portscans, and /var/www/html/report/alert for the alerts.

-----Original Message-----
From: Pathmenanthan Ramakrishna [mailto:nanthan14 () lycos com]
Sent: Wednesday, April 24, 2002 7:12 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Alert Method in Snort & SnortSnarf

Hi,

I am using Snort and SnortSnarf. Both are working perfectly, but when I run Snort, as we know, it groups the data into the log files. How do I create an alert file so that when I run SnortSnarf I can view the HTML page it builds from the log file? Does Snort create the alert file in a different directory? Normally the log files are stored in snort/log. I don't know where to write the alert statement (rule) so that Snort creates an alert file when I perform an attack on a host and it detects ICMP packets.

I'm new to these tools, so I need some help for my research. Please kindly help me.

Thanks, with best regards,
NANTHAN.R
(postgraduate student)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert Method in Snort & SnortSnarf Pathmenanthan Ramakrishna (Apr 24)
- <Possible follow-ups>
- RE: Alert Method in Snort & SnortSnarf Potts, Ross A. (Apr 24)