Snort mailing list archives
RE: Snort Logs
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Tue, 14 Oct 2003 13:34:00 -0500
I am very new to snort and I am using it in a Windows environment (maybe that is my problem) :-0 But I am having a devil of a time with these logs. ANY HELP would be appreciated. I am not using MySQL (yet) for the keeping of the logs but I am having trouble reading the Snort logs that are created. Here is the type of logs I have:

--scan.log (text format. Very cryptic and not really clear on what was seen or alarmed. I specifically would like to know what the sport:, dport:, tgts:, ports:, flags:, event_id: mean)

AND, the following (tcpdump format, maybe? How do I read it? Ethereal doesn't know what to do with the file.):

--snort.alert.#########
--snort.log.#########
--snort.suspicious.#########

AND one file that apparently is in tcpdump format that Ethereal can read:

--tcpdump.log.#########

I don't have many rules even turned on at this point and because I can't read the logs I don't know what else needs to be "tweaked" in Snort. Any assistance would be GREATLY appreciated.

Thanks,
Michael Martin
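Added example, not part of the original post or of Snort itself: two small helpers for the two files the question asks about. The first pulls the named fields (sport, dport, tgts, ports, flags, event_id) out of scan.log lines so they can be summarised per source address; the line layout and the field meanings in the comments are my assumptions about the spp_portscan2 output, and the sample lines are constructed. The second checks whether a file is actually in tcpdump (libpcap) format by looking at its magic bytes and, if it is, walks the packet records; a file that fails the magic check is not a capture, which is the usual reason Ethereal refuses to open it.

```python
"""Helpers for reading Snort scan.log text and tcpdump-format capture files."""
import re
import struct
from typing import Dict, Optional

# Constructed sample lines in the layout I recall spp_portscan2 writing to
# scan.log (assumption: the real file may differ in spacing or field order).
SCAN_LOG_SAMPLE = """\
10/14-13:31:02.113245 TCP src: 192.0.2.77 dst: 198.51.100.10 sport: 42011 dport: 22 tgts: 1 ports: 6 flags: ******S* event_id: 0
10/14-13:31:05.990001 TCP src: 192.0.2.77 dst: 198.51.100.11 sport: 42012 dport: 23 tgts: 2 ports: 7 flags: ******S* event_id: 0
10/14-13:32:40.000514 UDP src: 203.0.113.9 dst: 198.51.100.10 sport: 53 dport: 1434 tgts: 1 ports: 1 flags: ******** event_id: 4
"""

# Field meanings as I understand the portscan2 output (assumption):
#   sport/dport  ports of the packet that pushed the source over the threshold
#   tgts         distinct target hosts the source has touched in the window
#   ports        distinct destination ports it has touched in the window
#   flags        TCP flag string of that packet ("******S*" = SYN only)
#   event_id     id that ties this entry to the matching alert entry
SCAN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+src:\s*(?P<src>\S+)\s+dst:\s*(?P<dst>\S+)"
    r"\s+sport:\s*(?P<sport>\d+)\s+dport:\s*(?P<dport>\d+)\s+tgts:\s*(?P<tgts>\d+)"
    r"\s+ports:\s*(?P<ports>\d+)\s+flags:\s*(?P<flags>\S+)\s+event_id:\s*(?P<event_id>\d+)\s*$"
)

def parse_scan_line(line: str) -> Optional[dict]:
    """Return the named fields of one scan.log line, or None if it is not one."""
    m = SCAN_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "tgts", "ports", "event_id"):
        rec[key] = int(rec[key])
    return rec

def summarize_scanners(text: str) -> Dict[str, dict]:
    """Per source address: highest tgts/ports counts seen and number of entries."""
    out: Dict[str, dict] = {}
    for line in text.splitlines():
        rec = parse_scan_line(line)
        if rec is None:          # skip blank or unrecognised lines
            continue
        s = out.setdefault(rec["src"], {"tgts": 0, "ports": 0, "entries": 0})
        s["tgts"] = max(s["tgts"], rec["tgts"])
        s["ports"] = max(s["ports"], rec["ports"])
        s["entries"] += 1
    return out

# libpcap (tcpdump) file magic numbers. The first four bytes decide whether a
# packet tool can open the file at all; if they are absent, the file is simply
# not in tcpdump format, whatever its name suggests.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",   # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",   # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",   # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",   # big-endian, nanosecond timestamps
}

def pcap_summary(data: bytes) -> Optional[dict]:
    """Parse a tcpdump-format file held in memory; None if it is not one."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        return None
    e = PCAP_MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    off, packets, total = 24, 0, 0
    while off + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):   # record cut short: stop, keep what we have
            break
        packets += 1
        total += orig_len
        off += incl_len
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "bytes": total}

def build_sample_pcap() -> bytes:
    """Constructed two-packet capture (linktype 1 = Ethernet) for the demo."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    p1, p2 = b"\x00" * 60, b"\x01" * 42
    rec1 = struct.pack("<IIII", 1066152840, 0, len(p1), len(p1)) + p1
    rec2 = struct.pack("<IIII", 1066152841, 500, len(p2), len(p2)) + p2
    return hdr + rec1 + rec2

if __name__ == "__main__":
    for src, s in summarize_scanners(SCAN_LOG_SAMPLE).items():
        print(f"{src}: {s['entries']} entries, up to {s['tgts']} hosts / {s['ports']} ports")
    print(pcap_summary(build_sample_pcap()))
    print(pcap_summary(b"this is plain text, not a capture"))
```

To try it on real files, pass `open("scan.log").read()` to `summarize_scanners` and `open("snort.log.#########", "rb").read()` to `pcap_summary`; a `None` result from the latter tells you the file is not a capture and needs a different reader.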
Current thread:
- Snort Logs Martin Jr., D. Michael (Oct 14)
- <Possible follow-ups>
- RE: Snort Logs Martin Jr., D. Michael (Oct 14)
- Re: RE: Snort Logs Nick Oliver (Oct 14)
- RE: Snort Logs grant (Oct 17)