Snort mailing list archives

log file


From: "Tom Murdock" <t_murdock () hotmail com>
Date: Sun, 27 Apr 2003 23:24:41 -0500



Good evening:

Spent a lot of time but wasn’t successful: Cannot find any...
Running Snort 1.2 on R/H 8.

Too many errors encountered; the rest of the message is ignored:
In HTTPD dir there is LOGS directory with 6 months old file.
In SNORT dir there are:

1. ALERT dir in which data are like:

[**] [1:0:0] All packets are scanned on Tosh  [**]
[Priority: 0]
03/14-19:24:50.015625 12.212…………….> 66.218……………..
ICMP  TTL:64…………………….

If on first line Tosh is TOSHIBA, this is my machine where I am running Snort.

2. SCAN.LOG is second dir where there is file like [everything is in one line]

03/24-11:48:42.482118 ICMP src: 216.47………… dst 216.47………….type: 8
code: 0  tgts: 6 event_id:0

I would also like to make my own file and have logged data in it. I can test it with NMapWin from another machine, but I do not know how I can write a rule for this particular case. For the default log file [but where is it?] the rules should be:

Log tcp any any  >  26.231…………./23 21 23 (session: printable)

I also know that to log all packets in my own file the format is:

logto: "<file name>";

but where to put in above rule?


Appreciate help indeed.

Thanks, Murdock
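As an added example (not part of the original post), this is how Snort 1.x rule syntax places `logto:` among the rule options inside the parentheses; the network, file names and ports are placeholders I chose, not values from the thread:

```snort
# Log telnet sessions from anywhere to the 192.168.1.0/24 network (placeholder
# network) into the default Snort log directory: the one given with -l, which is
# /var/log/snort when -l is not supplied.
# Snort 1.x takes one port or a range like 21:23 here, not a space-separated list.
log tcp any any -> 192.168.1.0/24 23 (session: printable;)

# Same rule, but the matching packets go to a named file. 'logto' is a rule
# option, so it sits inside the parentheses with the other options, each
# terminated by a semicolon. The file is created in the Snort log directory.
log tcp any any -> 192.168.1.0/24 23 (logto: "telnet_sessions.log"; session: printable;)

# A separate rule for FTP control traffic, written to its own file.
log tcp any any -> 192.168.1.0/24 21 (logto: "ftp_sessions.log"; session: printable;)

# 'logto' only affects the rules it appears in; the alert file and scan.log
# output are unchanged. It is not taken into account in binary (-b) logging mode.
```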
