Snort mailing list archives
Re: Can Snort Analyze Sampled Netflow Traffic
From: Emiliano Fausto <emiliano.fausto () gmail com>
Date: Wed, 13 Jan 2016 08:52:58 -0300
Hello Hanan,

1. You can process network dumps using the -r option on the command line, or save every capture into a directory and use the --pcap-dir option. Here you have the whole chapter that talks about that matter: http://manual.snort.org/node8.html

2. I don't understand your question. Do you want to get statistics from Snort? I think you may check the statistics generated after reading your input. Here you have the basic outputs: http://manual.snort.org/node9.html. Anyway, I've seen work done by the Splunk team which is interesting, and they used the SNORT Categories: http://blogs.splunk.com/2016/01/11/splunk-at-the-wall-for-def-con-23-part-ii/

3. I'd recommend the official SNORT manual: http://manual.snort.org/ or in PDF format: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/099/original/snort_manual.pdf

Hope it helps!

Regards,
Emiliano.

On Wed, Jan 13, 2016 at 5:44 AM, Hanan Shteingart <chanansh () gmail com> wrote:
Hi,

1. I have tons of sampled netflow traffic (1:4096 rate, sampled packet flows). Can it be digested with Snort?

2. What will be the guidelines to process these with Snort for Big Data?

3. Where can I get a list of Snort capabilities?

Thanks,
Hanan

*HS*

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!