Snort mailing list archives
RE: Need a help
From: "Charles Heselton" <charles.heselton () gmail com>
Date: Sun, 10 Jul 2005 00:40:18 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ks, Mithun (GE Commercial Finance, non-GE)
Sent: Thursday, July 07, 2005 7:26 AM
To: Snort-users () lists sourceforge net
Cc: Salil D.
Subject: RE: [Snort-users] Need a help

Hi,

Is this the part of snort.conf that indicates snort is configured in detection mode?

# Command Line Options
## --------------------
# config disable_decode_alerts
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config detection: search-method lowmem
#

Regards...
Mithun.k.s

-----Original Message-----
From: Salil D. [mailto:salildumbre () rediffmail com]
Sent: Thursday, July 07, 2005 5:15 PM
To: Ks, Mithun (GE Commercial Finance, non-GE)
Subject: Re: [Snort-users] Need a help

I installed snort a long time back; you need to check the snort.conf file for configuration details.

On Thu, 07 Jul 2005 Ks,Mithun(GE Commercial Finance,non-GE) wrote :
>Hello,
>
>I configured snort on the Linux platform. Can anyone tell me where I should go if I want snort to be configured in logging mode or in detecting mode? In which file do I have to change this?
>
>Please help me with this.
>
>Regards....
>Mithun.k.s
>
>

I think what you are asking about is different facets of the same stone. Snort is in "detecting" mode if it is being used as a "glorified" packet sniffer. I say "glorified" because it can be configured to use the signatures and pre-processors, even without logging to a logging mechanism (like syslog or mysql). If snort is configured to output to a logging mechanism (like syslog or mysql), then it's considered to be in "logging" mode. Snort can also be used as a basic packet sniffer, which doesn't apply any intelligence to the captured packets (similar to tcpdump).

But I get the impression that's not what you're looking for. In its default configuration, I believe (someone correct me if I'm wrong) that snort is configured to write alerts to its own log file, which should be contained in "/var/log/snort".

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQtDQ4nv40fZIKe3PEQJ/iQCgkfpEzPS1/cMjxldor6sww7sZZZ4AoIOR
Y06aWo9NEvzclqeEcLTjrN+h
=vEyv
-----END PGP SIGNATURE-----
Attachment:
PGPexch.htm.pgp
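The distinction Charles draws above (rules and preprocessors loaded versus an output plugin actually shipping alerts somewhere) is something you can read straight out of snort.conf, and the `config detection: search-method` line Mithun quotes is not a mode switch at all: it only picks the pattern-matching engine. The script below is an added example and is not part of the thread; the two snort.conf fragments it writes are constructed samples, and the helper names (`snort_outputs`, `snort_mode`, `snort_search_method`) are my own, not Snort's.

```shell
#!/bin/sh
# Added example: classify a snort.conf by what it actually does.
# Snort 2 mode is really chosen on the command line:
#   snort -v                                   sniffer (tcpdump-like, no rules)
#   snort -l /var/log/snort                    packet logger
#   snort -c /etc/snort/snort.conf -l /var/log/snort   NIDS, rules + output plugins
# Inside snort.conf, "output ..." lines decide where alerts go (syslog, database,
# tcpdump file); "config detection:" only selects the search engine.

# Constructed sample #1: rules plus a syslog output plugin ("logging" in the
# thread's terms). The commented-out database line must be ignored.
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample snort.conf fragment, not a real deployment
config disable_decode_alerts
config detection: search-method lowmem
preprocessor frag2
include $RULE_PATH/local.rules
# output database: log, mysql, user=snort dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
EOF

# Constructed sample #2: rules loaded, but no output plugin at all
# ("detecting" in the thread's terms; alerts only go to the default -l dir).
NO_OUTPUT_CONF="$(mktemp)"
cat > "$NO_OUTPUT_CONF" <<'EOF'
config detection: search-method ac
preprocessor frag2
include $RULE_PATH/local.rules
EOF

# Print the names of the output plugins declared in a snort.conf, one per line,
# skipping commented-out lines. (hypothetical helper)
snort_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]' "$1" \
        | sed -E 's/^[[:space:]]*output[[:space:]]+//; s/[[:space:]]*:.*$//'
}

# "logging" if at least one output plugin is configured, otherwise "detecting".
# (hypothetical helper)
snort_mode() {
    if [ -n "$(snort_outputs "$1")" ]; then
        echo logging
    else
        echo detecting
    fi
}

# Report the pattern-matching engine from "config detection: search-method X",
# so nobody mistakes that line for a logging/detection switch. (hypothetical helper)
snort_search_method() {
    sed -nE 's/^[[:space:]]*config detection:[[:space:]]*search-method[[:space:]]+([^[:space:]]+).*/\1/p' "$1"
}

# Stand-alone run: summarise both constructed configs.
for f in "$SAMPLE_CONF" "$NO_OUTPUT_CONF"; do
    printf '%s: mode=%s search-method=%s outputs=%s\n' \
        "$f" "$(snort_mode "$f")" "$(snort_search_method "$f")" \
        "$(snort_outputs "$f" | tr '\n' ' ')"
done
```

Run it against your own file by pointing the helpers at it instead of the samples (`snort_mode /etc/snort/snort.conf`); if it reports "detecting" and you expected syslog or MySQL alerts, the output plugin line is missing or commented out.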
Current thread:
- Need a help Ks, Mithun (GE Commercial Finance, non-GE) (Jul 07)
- <Possible follow-ups>
- RE: Need a help Ks, Mithun (GE Commercial Finance, non-GE) (Jul 07)
- RE: Need a help Charles Heselton (Jul 10)