Snort mailing list archives
RE: [SPAM] - Snort in IDS mode - Email found in subject
From: "Marc Hering" <mhering () reval com>
Date: Tue, 15 Mar 2005 11:25:13 -0500
Logging to a file is just a setting in snort.conf, When you edit that file, you will see a section for logging and where the log files are. Just set the conf file for log location, and rules files locatoin and start Snort and then it should bein IDS mode. But why no Database? I run snort on my Winblows laptop with MysQl and Acid so I can see what's goin on without having to sift through the logs manually..You'd be surprised how many times you get hit at a Starbucks (Oops, I mean "Fourbucks" :) ) AS far as I know you can't have it block traffic.... -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mr. venkat Sent: Tuesday, March 15, 2005 11:10 AM To: snort-users () lists sourceforge net Subject: [SPAM] - [Snort-users] Snort in IDS mode - Email found in subject Hi all, I am using snort 2.3.1 on windows. I don't want to use any database but I want to log all alerts to log files only(I am planning for other way).I could run snort in logging mode but I am unable to run in IDS mode. Can anybody tell me what is the best way to run snort in IDS mode also please tell me the required settings in snort.conf. Can snort block any traffic that match the rules or just it detects? Thanks in advance, --Venkat _________________________________________________________________ Screensavers unlimited! http://www.msn.co.in/Download/screensaver/ Download now! ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: [SPAM] - Snort in IDS mode - Email found in subject Marc Hering (Mar 15)