Snort mailing list archives

RE: snort + aris

From: "Aaron McKinnon" <aaron () fullerene com>
Date: Fri, 11 May 2001 12:27:22 -0700

Not sure what you are asking about ARIS here, but to upload to the ARIS site
AFTER installing it would look something like this:

/usr/local/bin/sfclean  -u <username> -p <password> /var/log/snort/alert

replace ../sfclean with where ever you installed sfcleand and ../alert with
the name and location of the snort/SIDS log files you want to upload.

You need to set up an account with them to get/make the username password.

-----------------------------------
Aaron McKinnon
System Administrator
Fullerene Productions, Inc.
3250 Wilshire Blvd. Suite 2000
Los Angeles, CA 90010
213.365.1692
-----------------------------------

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Ron 'The
InSaNe One' Rosson
Sent: Friday, May 11, 2001 10:31 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort + aris


I am getting ready to reset up aris on my network but I am confused on
what my command line should be.

Here is my basic setup:

IDS system logging to a remote Database

Command line for snort is:
/usr/local/bin/snort -D -d -c /etc/snort.rules

Here is the output part of my  snort.rules file

output database: alert, mysql, user=nobody dbname=snort host=postal


TIA
--
----------------------------------------------------------------------------
--
Ron Rosson                                    ... and a UNIX user said ...
The InSaNe One                                        rm -rf *
insane () oneinsane net                     and all was /dev/null and *void()
----------------------------------------------------------------------------
--
Build a system even a fool can use,and only a fool will want to use it.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort + aris Ron 'The InSaNe One' Rosson (May 11)
- Re: snort + aris Ryan Russell (May 11)
  - Re: snort + aris Ron 'The InSaNe One' Rosson (May 12)
- RE: snort + aris Aaron McKinnon (May 11)
- <Possible follow-ups>
- RE: snort + aris Robert D. Hughes (May 12)
  - Re: snort + aris Ron Rosson (May 13)
- Re: snort + aris Ron 'The InSaNe One' Rosson (May 15)
  - Re: snort + aris Andreas Hasenack (May 15)