Snort mailing list archives
Re: general questions
From: Jeremy Hoel <jthoel () gmail com>
Date: Fri, 29 Mar 2013 19:47:30 +0000
It's not going to write every packet to a file to view traffic flow. It's an IDS/IPS. That's what it does. Everything else is an add-on or modification. The log files it creates are for events that have been triggered by rules/alerts. So it's limited traffic in reference to a rule.

On Mar 29, 2013 1:44 PM, "Mohammad MontazerI" <mohamad_montazery () yahoo com> wrote:
I know. But Snort has a packet sniffer, so I can use it as an IDS and network traffic shape, can't I? If it's not for this kind of need, what is the log file used for? Why does Snort even create a log file from network traffic?

------------------------------
From: Jeremy Hoel <jthoel () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Sent: Friday, March 29, 2013 11:36 PM
Subject: Re: [Snort-users] general questions

That's not the purpose of Snort. Network traffic shape and flows is nflow/rflow/ntop/argus type tools. To see what websites people are visiting, try bro, httpry (httproxy) and other such tools. Snort is not the tool for these needs.

On Fri, Mar 29, 2013 at 6:56 PM, Mohammad MontazerI <mohamad_montazery () yahoo com> wrote:

I want to use the data to find out the network traffic shape, such as: who goes where, users' most visited websites and ... For this purpose, how should I output the data?

________________________________
From: Jeremy Hoel <jthoel () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Sent: Friday, March 29, 2013 10:52 PM
Subject: Re: [Snort-users] general questions

You need to look at the snort.conf in the output section and see how Snort outputs its data. It can output data in plain text, binary and unified. You could use a SIEM tool to read the plain text, barnyard for the unified, and there's a tool for the binary too. You need to figure out how you want to use the data in order to determine how to output it.

On Fri, Mar 29, 2013 at 4:59 PM, Mohammad MontazerI <mohamad_montazery () yahoo com> wrote:

Which log files would you like read?

I thought there is just one log file! However, I used this command:

./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf

and it created two files: alert and a log file. I'm trying to read this log file.
________________________________
From: Heine Lysemose <lysemose () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com>
Cc: snort-users () lists sourceforge net
Sent: Friday, March 29, 2013 8:19 PM
Subject: Re: [Snort-users] general questions

You can use pulledpork to manage your rules. Which log files would you like read?

/Lysemose

On Mar 29, 2013 4:44 PM, "Mohammad MontazerI" <mohamad_montazery () yahoo com> wrote:

________________________________
Hello dear all.
I had a few questions, some of which have been answered but some have not.
1- Which rule manager is better and where can I download it?
2- Is there any software which I can use to read the log files? (something that gives more options)
Thanks.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
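An added example, not part of the thread and not Snort project code: a small parser for Snort's one-line "fast" alert format that counts alerts per rule and per source address, which shows that the alert file records rule-triggered events rather than general traffic flow. It assumes alerts were written in fast format (for example with `-A fast`) and IPv4 addresses; the sample lines, SIDs and rule messages are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's fast alert format (not taken from the thread).
SAMPLE_ALERTS = """\
03/29-19:40:01.120001  [**] [1:1000001:1] Constructed example rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.15:51234 -> 192.168.1.1:80
03/29-19:40:02.450210  [**] [1:1000002:3] Constructed example rule B [**] [Priority: 3] {ICMP} 192.168.1.20 -> 192.168.1.1
03/29-19:41:07.000500  [**] [1:1000001:1] Constructed example rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.15:51240 -> 192.168.1.1:80
this line is truncated and must be skipped
"""

# timestamp, [gid:sid:rev], message, optional classification, priority, protocol, endpoints
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    """Split 'ip:port'; ICMP endpoints have no port (IPv4 assumed)."""
    if ep.count(":") == 1 and ep.rsplit(":", 1)[1].isdigit():
        ip, port = ep.rsplit(":", 1)
        return ip, int(port)
    return ep, None

def parse_fast_alerts(text):
    """Return (events, skipped): parsed alert dicts and the count of unparseable lines."""
    events, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):  # ignore blank lines
        m = FAST_RE.match(line)
        if not m:
            skipped += 1  # keep a count so silent data loss is visible
            continue
        ev = m.groupdict()
        ev["src_ip"], ev["src_port"] = split_endpoint(ev.pop("src"))
        ev["dst_ip"], ev["dst_port"] = split_endpoint(ev.pop("dst"))
        events.append(ev)
    return events, skipped

def summarize(events):
    """Count alerts per (gid:sid, message) and per source IP."""
    by_rule = Counter((f'{e["gid"]}:{e["sid"]}', e["msg"]) for e in events)
    by_src = Counter(e["src_ip"] for e in events)
    return by_rule, by_src

if __name__ == "__main__":
    events, skipped = parse_fast_alerts(SAMPLE_ALERTS)
    print(summarize(events), "skipped:", skipped)
```
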