Snort mailing list archives
How to achieve alerts from tcpdump files?
From: jwang () fit edu
Date: Mon, 29 Mar 2004 21:04:12 -0500 (EST)
Hi everyone, my issues:

1) I have managed to create alerts from my tcpdump file with the following command:

    ../snort -s -r file.tcpdump -c snort.conf

But since I have got thousands of tcpdump files, all the alerts were output to the /sys/log/snort/alert file, and it's really hard to recognize which alert is from which tcpdump file. Can someone tell me if there is any way I can set a path for the output of the alerts from every tcpdump file?

2) I have got a tcpdump file from a system that is about a year old, and after applying the latest rule set (downloaded from snort.org), it didn't detect any alert from it. But my instructor said he is 100% sure there is at least one alert in that file. I was wondering, how will I be able to find it then?

3) After we have found the alerts, what is the command/method to fix the bug in the tcpdump file, so that the alerts will not appear the second time we snort it?

Thank you very much!

Jun WANG
Florida Tech
29th March 2004

Snort-users mailing list: https://lists.sourceforge.net/lists/listinfo/snort-users
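The first question above (one alert file per pcap instead of everything landing in a single alert file) is usually handled with Snort's -l log-directory flag: give each pcap its own log directory and the alert file for that capture lands inside it. The script below is an added example, not code from the original post or from the Snort project. It assumes Snort 2.x command-line flags (-r to read a pcap, -c for the config, -l for the log directory, -A fast for one-line alerts, -q for quiet), and the paths for the snort binary, snort.conf and the output root are assumptions that can be overridden through the SNORT, CONF and OUTROOT variables.

```shell
#!/bin/sh
# Added example: run Snort over a directory of pcap files, writing the alerts
# from each capture into its own directory so they can be told apart.
# Assumptions: Snort 2.x flags (-q -A fast -c CONF -r PCAP -l DIR); the
# binary, config and output root below are placeholders, override as needed.

SNORT="${SNORT:-snort}"
CONF="${CONF:-/etc/snort/snort.conf}"
OUTROOT="${OUTROOT:-/var/log/snort/per-file}"

# Map a pcap path to its own log directory under OUTROOT.
# Uses only the basename, so two captures with the same file name in
# different source directories would share a directory (see the note below).
alert_dir_for() {
    printf '%s/%s\n' "$OUTROOT" "$(basename "$1")"
}

# Run Snort once against a single pcap with -l pointing at that pcap's own
# directory. With -A fast, Snort writes one alert per line to DIR/alert.
# Prints the path of that alert file.
process_pcap() {
    pcap="$1"
    dir="$(alert_dir_for "$pcap")"
    mkdir -p "$dir"
    "$SNORT" -q -A fast -c "$CONF" -r "$pcap" -l "$dir" >/dev/null 2>&1
    printf '%s/alert\n' "$dir"
}

# Number of alerts in a fast-mode alert file (one alert per line);
# a missing file means Snort fired nothing for that capture.
alert_count() {
    if [ -f "$1" ]; then
        wc -l < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# Process every *.tcpdump file in a directory and print "file<TAB>alerts"
# so captures that produced no alerts at all are visible in the summary.
process_dir() {
    for pcap in "$1"/*.tcpdump; do
        [ -f "$pcap" ] || continue
        out="$(process_pcap "$pcap")"
        printf '%s\t%s\n' "$(basename "$pcap")" "$(alert_count "$out")"
    done
}

# Stand-alone usage: ./per_pcap_alerts.sh /path/to/captures
case "${1:-}" in
    "") ;;
    *) process_dir "$1" ;;
esac
```

Each capture's alerts end up in OUTROOT/<capture name>/alert, and the summary line per file makes the second question's situation (a capture that produces zero alerts under the current rule set) stand out immediately. If captures from different directories share a file name, include part of the source path in alert_dir_for, or the two runs will append to the same alert file.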
Current thread:
- How to achieve alerts from tcpdump files? jwang (Mar 29)
- <Possible follow-ups>
- Re: How to achieve alerts from tcpdump files? Nigel Houghton (Mar 30)