Snort mailing list archives

Re: Snort basic questions


From: Fyodor <fygrave () tigerteam net>
Date: Sun, 10 Jun 2001 19:41:04 +0700

On Sun, Jun 10, 2001 at 12:07:56PM +0100, Effi Baruch wrote:
> Hi,
> I have some basic questions about Snort:
> 1. Can I send syslogs with it to another computer? If yes, how can it be
> done?

In your /etc/syslog.conf:

snortsyslog.level       @hostname

Snortsyslog level is the facility.level which Snort does logging with.

> 2. What is the maximum amount of traffic it can handle?

Depends on your CPU power/RAM.

> 3. Can I listen to traffic and examine it without logging it (using only the
> alert option)? If yes, how can it be done?

-N option.

> 4. I saw there is a list of rules I can use (DoS etc.). If I want to use
> them all, do I need to copy them to a single rules file?

Use snort.conf, it includes them all.

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
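
A concrete instance of the syslog forwarding from answer 1, together with the -N option from answer 3, as an added example that is not part of the original message. The local4 facility, the host name loghost.example.net, the interface eth0 and the file paths are assumptions chosen for illustration.

```conf
# --- snort.conf on the sensor (constructed example) ---
# Send alerts to the local syslogd under a facility reserved for Snort,
# so they can be selected and forwarded separately from other messages.
output alert_syslog: LOG_LOCAL4 LOG_ALERT

# --- /etc/syslog.conf on the sensor ---
# The selector must match the facility/priority pair chosen above:
#   LOG_LOCAL4 -> local4, LOG_ALERT -> alert
# "@host" forwards matching messages to that host over UDP port 514.
# Older syslogd versions require tabs, not spaces, between the columns.
local4.alert		@loghost.example.net

# --- /etc/syslog.conf on loghost.example.net (the collector) ---
# Keep forwarded Snort alerts in their own file.
local4.*		/var/log/snort-alerts.log

# Collector notes:
#  - Linux sysklogd only accepts remote messages when started with -r.
#  - Classic syslog forwarding is unauthenticated, unencrypted UDP, so
#    restrict UDP/514 on the collector to the sensor's address and keep
#    the traffic on a management network.

# --- starting the sensor ---
#   snort -N -c /etc/snort/snort.conf -i eth0
# -N turns off packet logging; alerts are still generated and go to
# syslog through the alert_syslog output configured above.
```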
