Snort mailing list archives
RE: Where can I find documents explain the log formats of snort?
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Sun, 22 Dec 2002 23:12:55 -0500
The best one I can recommend is Intrusion Signatures and Analysis from Stephen Northcutt (SANS) and all (http://www.amazon.com/exec/obidos/tg/detail/-/0735710635/qid=1040616491/sr=8-1/ref=sr_8_1/102-0670692-9875349?v=glance&s=books&n=507846), mainly because as you go, you'll quickly learn you'll need to know more than the alert.ids file.

-----
Signature ID:Revision # Alert Message
[Classification: Classification Type] [Priority: #]
Date/Network Time Src.IP:Src.Port -> Dst.IP:Dst.Port
Protocol Packet Details
References
-----

HTH,
John

-----Original Message-----
From: Xiaogang Liu
To: snort-users () lists sourceforge net
Sent: 22/12/02 10:32 PM
Subject: [Snort-users] Where can I find documents explain the log formats of snort?

Hi,

Where can I find documents that explain the log formats of snort? I want to completely analyze the log format in file alert.ids.

Thanks
Oliver
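The record layout in the reply above, turned into a small parser; this is an added example, not part of the original messages or of Snort itself. It assumes Snort's "full" alert mode, where the first line is wrapped in `[**]` markers and may carry a generator ID, and where references appear as `[Xref => ...]` lines; the sample records are constructed and the function names are hypothetical.

```python
import re
# Constructed records in the layout of Snort's "full" alert output (not real traffic).
SAMPLE = """\
[**] [1:1000001:1] EXAMPLE ICMP echo request [**]
[Classification: Misc activity] [Priority: 3]
12/22-23:12:55.123456 192.0.2.10 -> 198.51.100.7
ICMP TTL:45 TOS:0x0 ID:4660 IpLen:20 DgmLen:28
[Xref => http://example.com/ref/1]

[**] [1:1000002:2] EXAMPLE web request [**]
[Priority: 0]
12/22-23:13:02.654321 192.0.2.10:3345 -> 198.51.100.7:80
TCP TTL:64 TOS:0x0 ID:4661 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A2B3C4D  Ack: 0x5E6F7A8B  Win: 0x4470  TcpLen: 20
"""

HEADER = re.compile(r"^\[\*\*\] \[(?:(\d+):)?(\d+):(\d+)\] (.*?) \[\*\*\]$")
FLOW = re.compile(r"^(\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
CLASS = re.compile(r"\[Classification: ([^\]]+)\]")
PRIO = re.compile(r"\[Priority: (\d+)\]")
XREF = re.compile(r"\[Xref => ([^\]]+)\]")

def endpoint(text):
    # Split IPv4 'ip:port'; ICMP alerts carry no port, so port becomes None.
    host, sep, port = text.rpartition(":")
    return (host, int(port)) if sep else (text, None)

def parse_alerts(text):
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):  # records are blank-line separated
        lines = [l.strip() for l in block.splitlines()]
        head = HEADER.match(lines[0]) if lines else None
        if not head:
            continue  # not an alert header: skip the record rather than guess
        a = {"gid": int(head[1]) if head[1] else None, "sid": int(head[2]),
             "rev": int(head[3]), "msg": head[4],
             "classification": None, "priority": None, "refs": [], "details": []}
        for line in lines[1:]:
            flow, cls, prio = FLOW.match(line), CLASS.search(line), PRIO.search(line)
            if flow:
                a["time"], a["src"], a["dst"] = flow[1], endpoint(flow[2]), endpoint(flow[3])
            elif cls or prio:  # rules without a classtype log only the priority
                a["classification"] = cls[1] if cls else None
                a["priority"] = int(prio[1]) if prio else None
            elif XREF.search(line):
                a["refs"] += XREF.findall(line)
            else:
                a["details"].append(line)  # protocol header and packet detail lines
        a["protocol"] = a["details"][0].split()[0] if a["details"] else None
        alerts.append(a)
    return alerts
```

Records that lack a classification or a port are kept with `None` in those fields, so later filtering on priority or destination port does not silently drop them.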