Snort mailing list archives
Re: reading snort logs
From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 21 Apr 2013 09:28:48 -0600
Snort MiniFAQ

Snort is an IDS/IPS that can listen on live interfaces and read pcaps (run with -r). If you're running anything besides the latest snort (http://www.snort.org/snort-downloads) then stop reading and install that FIRST. The internet is chock full of outdated how-tos with snort. If you've used one to install snort, then be prepared to make some changes.

Snort can (add to your snort.conf) output to human readable text (output alert_fast:), unified2 filetype (output unified2:), syslog (output alert_syslog:), and pcap file format (output log_tcpdump:). If you're wanting database support, then barnyard2 is the application you'll want to read the unified2 files that will get put into your database.

If you want to listen to multiple interfaces and have multiple sources of data, then you're going to have to have multiple instances of snort and barnyard2 running. In a nutshell you'll want for example a snort1.conf, snort2.conf, and snort3.conf as well as a barnyard1.conf, barnyard2.conf, and barnyard2.conf. You can have the unified2 files be differently named, or read from different directories.

On Apr 21, 2013, at 8:16 AM, "MCLEOD, DONNIE" <DMCLEO11 () caledonian ac uk> wrote:
Hi, can anyone tell me how to open and read snort logs? I'm a newbie to snort, thanks
Don

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
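The reply above points the original poster at the alert_fast output plugin as the human-readable option. As an added example that is not part of the thread (and not Snort's or barnyard2's own code), here is a small Python parser for that one-line-per-alert format, with a summary by signature and priority so a reader can see what the text log actually carries before deciding whether unified2 plus barnyard2 is needed. The alert lines are constructed for illustration; the signature IDs, hosts and messages are not real alerts.

```python
"""Parse Snort's human-readable 'alert_fast' output.

Added example, not from the mailing-list thread. One line per alert, as
written by `output alert_fast:` in snort.conf or `snort -A fast`.
The sample lines below are constructed; the SIDs and addresses are not real.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fast-alert line layout (the year appears only if snort was run with -y):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: text]
#   [Priority: N] {PROTO} src:port -> dst:port
# Classification is optional; ICMP lines carry no ports.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)


@dataclass
class FastAlert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    message: str
    classification: Optional[str]
    priority: int
    protocol: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_fast_line(line: str) -> Optional[FastAlert]:
    """Return a FastAlert for a well-formed line, None for anything else."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return FastAlert(
        timestamp=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        message=g["msg"], classification=g["cls"], priority=int(g["prio"]),
        protocol=g["proto"], src=g["src"],
        sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def parse_fast_log(text: str) -> List[FastAlert]:
    """Parse every line of a fast-alert file; blank or malformed lines are skipped."""
    return [a for a in map(parse_fast_line, text.splitlines()) if a is not None]


def summarize(alerts: List[FastAlert]) -> Tuple[Counter, Counter, List[str]]:
    """Counts by gid:sid and by priority, plus the distinct source hosts seen."""
    by_sig = Counter(f"{a.gid}:{a.sid}" for a in alerts)
    by_prio = Counter(a.priority for a in alerts)
    sources = sorted({a.src for a in alerts})
    return by_sig, by_prio, sources


# Constructed sample: three TCP alerts, one ICMP alert without ports, one junk line.
SAMPLE_LOG = """\
04/21-09:28:48.123456  [**] [1:1000001:1] LOCAL web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 198.51.100.5:80
04/21-09:28:49.000001  [**] [1:1000001:1] LOCAL web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44322 -> 198.51.100.5:80
04/21-09:30:02.500000  [**] [1:1000002:3] LOCAL ping sweep [**] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not an alert and is skipped
04/21-09:31:15.250000  [**] [1:1000003:2] LOCAL ssh brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:51000 -> 198.51.100.9:22
"""

if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_LOG)
    sigs, prios, hosts = summarize(parsed)
    print(f"{len(parsed)} alerts parsed")
    for sig, n in sigs.most_common():
        print(f"  {sig}: {n}")
    print("by priority:", dict(sorted(prios.items())))
    print("source hosts:", hosts)
```

To use it on a real file, replace SAMPLE_LOG with the contents of the alert file Snort writes (by default `alert` under the log directory). The regex is deliberately strict: a line that does not match is dropped rather than half-parsed, which is the behaviour you want when a log may contain partial writes or unrelated text.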