Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [SPAM] - Snort in IDS mode - Email found in subject

From: "Marc Hering" <mhering () reval com>
Date: Tue, 15 Mar 2005 11:25:13 -0500
Logging to a file is just a setting in snort.conf, When you edit that
file, you will see a section for logging and where the log files are.
Just set the conf file for log location, and rules files locatoin and
start Snort and then it should bein IDS mode.

But why no Database?  I run snort on my Winblows laptop with MysQl and
Acid so I can see what's goin on without having to sift through the logs
manually..You'd be surprised how many times you get hit at a Starbucks
(Oops, I mean "Fourbucks" :) )

AS far as I know you can't have it block traffic.... 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mr. venkat
Sent: Tuesday, March 15, 2005 11:10 AM
To: snort-users () lists sourceforge net
Subject: [SPAM] - [Snort-users] Snort in IDS mode - Email found in
subject

Hi all,
    I am using snort 2.3.1 on windows. I don't want to  use any database
but I want to log all alerts to log files only(I am planning for other
way).I could run snort in logging mode but I am unable to run in IDS
mode. Can anybody tell me what is the best way to run snort in IDS mode
also please tell me the required settings in snort.conf.

    Can snort block any traffic that match the rules or just it detects?
  Thanks in advance,
--Venkat

_________________________________________________________________
Screensavers unlimited! http://www.msn.co.in/Download/screensaver/
Download now!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: