Snort mailing list archives
log file
From: "Tom Murdock" <t_murdock () hotmail com>
Date: Sun, 27 Apr 2003 23:24:41 -0500
Good evening: Spent a lot of time but wasn't successful: Cannot find any... Running Snort 1.2 on R/H 8. Too many errors encountered; the rest of the message is ignored: In HTTPD dir there is LOGS directory with 6 months old file.

In SNORT dir there are:

1. ALERT dir in which data are like:

[**] [1:0:0] All packets are scanned on Tosh [**]
[Priority: 0]
03/14-19;24;50.015625 12.212 .> 66.218 .. ICMP TTL:64 .

If on first line Tosh is TOSHIBA, this is my machine where I am running Snort.

2. SCAN.LOG is second dir where there is file like [everything is in one line]

03/24-11:48:42.482118 ICMP src: 216.47 dst 216.47 .type: 8 code: 0 tgts: 6 event_id:0

I would like also to make my own file and have logged data in it. I can test it with NMapWin from other machine but I do not know how I can write rule for this particular case. For default log file [but where is it?] the rules should be:

Log tcp any any > 26.231 ./23 21 23 (session: printable)

I also know that to log all packets in my own file the format is: logto: <file name>; but where to put in above rule? Appreciate help indeed.

Thanks,
Murdock
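An added example of where the logto option sits in a Snort rule, written for this archive page; it is not part of the post above and not taken from Snort's own documentation. The network 192.0.2.0/24 stands in for the poster's "26.231 ./23" prefix and the file names telnet.log and icmp_echo.log are constructed placeholders.

```snort
# The rule as posted, with the three syntax problems it has:
#   the action keyword is lowercase "log", the direction operator is "->"
#   (not ">"), and a port range is written low:high rather than as
#   separate numbers.
# log tcp any any > 26.231 ./23 21 23 (session: printable)

# Corrected rule. 192.0.2.0/24 is a constructed placeholder for the
# poster's home network; replace it with the real prefix.
# Rule options live inside the parentheses, each terminated by a
# semicolon, so logto goes there next to session.
log tcp any any -> 192.0.2.0/24 21:23 (session: printable; logto: "telnet.log";)

# Variant for the ICMP echo requests already appearing in ALERT and
# SCAN.LOG: writes those packets to their own file instead of the
# default per-host directories.
log icmp any any -> 192.0.2.0/24 any (itype: 8; logto: "icmp_echo.log";)
```

The file named by logto is created relative to Snort's log directory, which is set with the -l command-line option and defaults to /var/log/snort when -l is not given; that directory is also where the default per-host packet logs and the plain-text alert file end up. Putting the rule in a file that snort.conf includes (or passing it with -c) and restarting Snort is enough to see the file appear once matching traffic, such as a scan from the NMapWin host, reaches the monitored network.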