Snort mailing list archives
Re: More questions on Snort/barnyard
From: "sudhakar govindavajhala" <sudhakarg79spam () gmail com>
Date: Thu, 31 Jan 2008 13:01:41 -0500
Thanks Paul.
2) Why do I get this error? How can I shut this off? Is this warning a problem? WARNING: Unable to extract timestamp file extension from 'snort.log'
Shut what off?
Sudhakar: Why do I get this warning? "WARNING: Unable to extract timestamp file extension from 'snort.log'" What can I do to turn off this warning? --Sudhakar
3) What is a good size to set for files below?

# Two arguments are supported.
#    filename - base filename to write to (current time_t is appended)
#    limit    - maximum size of spool file in MB (default: 128)
# output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

What happens when the file size (128) is reached? Does Snort die or restart?
The defaults are fine. When they're reached, snort simply starts a new logfile.
4) I briefly looked at implementation of barnyard. I may be wrong here. How does barnyard poll the directory? Is it busy-looping?
It watches for new entries in the log.
5) What is the difference between alert and log? I am thinking alert is the human readable version. What is the difference between snort.log and snort.log.timestamp?
You really need to learn how to do your own research. Most of your questions have already been asked hundreds of times and answered.
<http://www.snort.org/docs/faq/3Q06/node73.html>
--
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More questions on Snort/barnyard sudhakar govindavajhala (Jan 30)
- Re: More questions on Snort/barnyard sudhakar govindavajhala (Jan 30)
- Re: More questions on Snort/barnyard Paul Schmehl (Jan 31)
- Re: More questions on Snort/barnyard sudhakar govindavajhala (Jan 31)