Snort mailing list archives
Re: Setting up simple LAN-sniffing for bad signatures?
From: Jeremy Hoel <jthoel () gmail com>
Date: Fri, 2 Jan 2015 14:35:22 -0700
If you just want to look for bad traffic that you are specifying and not using rules from VRT or ET, then you just want to make local.rules and have snort read that. It's not a database per se, but just a text file that you create the rules in.

If it's the logging you are having problems with, you need to specify how you want the output to go: to a unified2 file, syslog or text file.

You can sniff and manage on the same interface, though it's not recommended for production to do it that way.

On Fri, Jan 2, 2015 at 2:18 PM, PattiMichelle <miche1 () earthlink net> wrote:
> Dear Snort Users:
>
> I'm trying to figure out how to set up Snort on my Opensuse 13.1x64 system to sniff (and log) instances of "bad" network traffic (via snort signature database). It seems tricky to get this going. There are websites which gave me enough information to get the sniffer operational, but I can't seem to figure out how to get it to read a database of bad signatures, and log only those bad ones.
>
> Does anyone have a simple DIY for this? I'm not trying to set up an alarm or automatic response system. Just to have a logfile available to look at from time to time, or maybe diff occasionally.
>
> Also, is it necessary to run snort in a virtual machine as a "sandbox," or else to have two NICs, one for normal LAN traffic and the other for Snort?
>
> Thank You Very Much,
> Patricia
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
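As an added illustration of the reply above (not part of the original thread, and not the poster's own configuration): a minimal Snort 2.9-style setup that reads only a local.rules file and writes alerts to a text file. The file paths, the HOME_NET range and both rules are constructed assumptions.

```conf
# --- /etc/snort/snort.conf (minimal; paths are assumptions) ---
ipvar HOME_NET 192.168.1.0/24        # constructed LAN range, adjust to yours
ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules

# Pick how alerts are written (the three options named in the reply):
output alert_fast: alert.fast                     # one-line text alerts, easy to read or diff
# output alert_syslog: LOG_AUTH LOG_ALERT         # send alerts to syslog instead
# output unified2: filename snort.u2, limit 128   # binary log for tools such as barnyard2

# Load only the hand-written rules, no VRT or ET rule sets
include $RULE_PATH/local.rules

# --- /etc/snort/rules/local.rules (constructed sample rules) ---
# Local rules use SIDs of 1000000 and above to avoid clashing with published rule sets.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet connection attempt"; flags:S; sid:1000001; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL inbound ICMP echo request"; itype:8; sid:1000002; rev:1;)
```

Validate the files with `snort -T -c /etc/snort/snort.conf`, then run `snort -c /etc/snort/snort.conf -i eth0 -l /var/log/snort`; the interface name and log directory here are assumptions.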