Snort mailing list archives
Re: Snort-users digest, Vol 1 #3872 - 13 msgs
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Sat, 03 Jan 2004 16:06:22 +1300
> Date: Fri, 2 Jan 2004 16:07:37 -0000
> From: "Russell Packer" <russell.packer () arnoldinteractive com>
> To: <Snort-users () lists sourceforge net>
> Subject: [Snort-users] Snort, Mudpit, Unified logs and me...
>
> Hi all,
>
> I'm trying to set up what I think is "a normal" system pair:
>
> System 1: The Snort machine (Devil)
> System 2: The log processing / alerting machine (Slackware 9.x)
>
> As I'm sure anyone else using mudpit is aware, there isn't a whole lot of documentation ;)
>
> I'm currently getting my head round the Mudpit configuration, more specifically the Spool section. The section starts like this:
Here is what I am using:

from snort.conf:

    output alert_unified: filename snort.alert, limit 128
    output log_unified: filename snort.log, limit 128

These files get written to the directory specified with the -l option.

In mudpit config I have:

    spool "/home/snort/LOGS/DMZ-O/unified" {   # as specified with the -l option to snort
        lock = "mysql"
        arch_dir = "/home/snort/arch"
        checkpoint = "checkpoint"
        # The name of the output plugin. At least one plugin must be specified.
        # The string after comma is a parameter sent to the plugin; its format
        # depends on a plugin type (mp_out_init entry should understand it).
        # Default: none.
        output = "/home/snort/mudpit-1.2/output/acid/mp_acid_out.so", "server xxxxxx.auckland.ac.nz, user snort, database snort, \
                  hostname yyyyy.auckland.ac.nz, interface 1, password zzzzzz"
    }

If you are still having trouble send me your configs off list and I will look over them.

-- 
Russell Fulton                          /~\  The ASCII
Network Security Officer                \ /  Ribbon Campaign
The University of Auckland               X   Against HTML
New Zealand                             / \  Email!
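The reply boils down to one pairing requirement: the directory named in mudpit's spool block has to be the directory Snort's -l option points at, because that is where alert_unified and log_unified write their files. The script below is an added example (not part of this thread, and not Snort's or mudpit's own code) that parses the two snippets above, checks that they agree on the directory, and splits the ACID output plugin's parameter string into fields. The embedded config texts are constructed to mirror the ones quoted above, with placeholder host names and a redacted password.

```python
"""Check that a snort.conf's unified outputs and a mudpit spool block point at
the same directory. Added example for this thread; not Snort's or mudpit's code.
Host names, the password value and the file contents are constructed."""
import os
import re

# Constructed snort.conf excerpt, mirroring the one quoted in the reply.
SNORT_CONF = """\
# snort.conf excerpt (constructed sample)
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
"""

# Constructed mudpit spool block, mirroring the one quoted in the reply.
MUDPIT_CONF = """\
spool "/home/snort/LOGS/DMZ-O/unified" {   # as specified with the -l option to snort
    lock = "mysql"
    arch_dir = "/home/snort/arch"
    checkpoint = "checkpoint"
    output = "/home/snort/mudpit-1.2/output/acid/mp_acid_out.so", "server db.example.invalid, user snort, database snort, \\
              hostname sensor.example.invalid, interface 1, password REDACTED"
}
"""

OUTPUT_RE = re.compile(r'^\s*output\s+(alert_unified|log_unified)\s*:\s*(.*)$')
STRING_RE = re.compile(r'"([^"]*)"')


def parse_kv_args(text):
    """Split 'key value, key value, ...' (Snort output args, mudpit plugin args) into a dict."""
    out = {}
    for part in text.split(','):
        kv = part.split(None, 1)
        if len(kv) == 2:
            out[kv[0]] = kv[1].strip()
    return out


def parse_snort_unified_outputs(text):
    """Return one dict per alert_unified/log_unified output line in a snort.conf."""
    outputs = []
    for line in text.splitlines():
        m = OUTPUT_RE.match(line)
        if m:
            args = parse_kv_args(m.group(2))
            outputs.append({'plugin': m.group(1),
                            'filename': args.get('filename'),
                            'limit': int(args['limit']) if 'limit' in args else None})
    return outputs


def _strip_comment(line):
    """Drop a trailing # comment, but not a # that sits inside a quoted string."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == '#' and not in_str:
            return line[:i].rstrip()
    return line.rstrip()


def _logical_lines(text):
    """Join backslash-continued lines, then strip comments."""
    buf = ''
    for raw in text.splitlines():
        if raw.rstrip().endswith('\\'):
            buf += raw.rstrip()[:-1] + ' '
            continue
        yield _strip_comment(buf + raw)
        buf = ''
    if buf:
        yield _strip_comment(buf)


def parse_mudpit_spool(text):
    """Return {'dir': ..., 'settings': {key: [quoted values]}} for the first spool block."""
    spool = None
    for line in _logical_lines(text):
        s = line.strip()
        if not s:
            continue
        m = re.match(r'^spool\s+"([^"]+)"\s*\{', s)
        if m:
            spool = {'dir': m.group(1), 'settings': {}}
            continue
        if spool is None:
            continue
        if s == '}':
            break
        key, _, rest = s.partition('=')
        spool['settings'][key.strip()] = STRING_RE.findall(rest)
    return spool


def check_pairing(snort_log_dir, snort_conf=SNORT_CONF, mudpit_conf=MUDPIT_CONF):
    """Return a list of problems; an empty list means Snort and mudpit agree."""
    problems = []
    plugins = {o['plugin'] for o in parse_snort_unified_outputs(snort_conf)}
    for needed in ('alert_unified', 'log_unified'):
        if needed not in plugins:
            problems.append(f'snort.conf has no {needed} output')
    spool = parse_mudpit_spool(mudpit_conf)
    if spool is None:
        problems.append('mudpit config has no spool block')
        return problems
    if os.path.normpath(spool['dir']) != os.path.normpath(snort_log_dir):
        problems.append(f"mudpit spool dir {spool['dir']} does not match snort -l dir {snort_log_dir}")
    if not spool['settings'].get('output'):
        problems.append('spool block names no output plugin')
    return problems


if __name__ == '__main__':
    print(check_pairing('/home/snort/LOGS/DMZ-O/unified'))   # []
    print(check_pairing('/var/log/snort'))                    # one mismatch reported
    acid = parse_mudpit_spool(MUDPIT_CONF)['settings']['output']
    print(parse_kv_args(acid[1]))
```

Run it with the -l directory Snort is actually started with as the argument to check_pairing; a non-empty list is the mismatch to fix before looking anywhere else. The parsers are deliberately minimal (one spool block, double-quoted values, backslash continuation) and cover the syntax shown in the thread, not the full mudpit grammar.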