Snort mailing list archives

logging both TCPdump dump and fast format.


From: Anthony Geoffron <anthonyg () passinglane com>
Date: Mon, 6 Aug 2001 10:23:08 -0700

Since guardian does not work with the -d (unless I'm wrong here),
is there any way to log both with -d and without -d?

Anthony.

-----Original Message-----
From: Jyri Hovila [mailto:jyri.hovila () iki fi]
Sent: Sunday, August 05, 2001 5:03 PM
To: 'Advanced Hosting UNIX Admin Daniel Fairchild'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] anyone have any trouble getting guardian to work


Howdy!

It can be a bit tricky to get Guardian to work as the documentation is not
too good.

First of all, make sure that the logfile Guardian is reading is written
in Snort's 'fast' format. Guardian can only read the 'fast' logfile; it
does not cope with full or tcpdump format log files.

If this is not the problem in your case, then please send me your
Guardian and Snort configuration files (guardian.conf and snort.conf,
don't need the *.rules files) and I'll try to figure out what's wrong.

Yours,

Jyri 

Information Security Specialist
Tel: +358-41-448 3238
E-mail: jyri.hovila () iki fi

Certifications:
http://www.brainbench.com/transcript.jsp?pid=2301241
 

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Advanced Hosting UNIX Admin Daniel Fairchild
Sent: 6 August 2001 1:53
To: snort-users () lists sourceforge net
Subject: [Snort-users] anyone have any trouble getting guardian to work


I am trying to use guardian to add entries to my iptables and I am getting
nothing. I put guardian in debug mode and it reads from the alert file but
does nothing.

TIA for anyone's help with this one.





-- 
Advanced Hosting UNIX Admin | Daniel Fairchild danielf () supportteam net 

Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
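
An added example, not part of the original messages and not Guardian's own code: a Python check of whether an alert file is in Snort's one-line 'fast' format, the format Jyri says Guardian requires. The regular expressions encode assumed fast and full alert layouts, and the sample lines are constructed.

```python
import re

# Assumed fast layout: timestamp, "[**] msg [**]", "{PROTO} src[:port] -> dst[:port]" on one line.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\d+(?:\.\d+){3})(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+(?:\.\d+){3})(?::\d+)?\s*$"
)
# Assumed full layout: the "[**] ... [**]" header alone on a line, addresses on a later line.
FULL_HEADER_RE = re.compile(r"^\[\*\*\].*\[\*\*\]\s*$")

def parse_fast_line(line):
    """Return the alert fields if the line is a fast-format alert, else None."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None

def classify_alert_file(lines):
    """Report 'fast', 'full', 'mixed' or 'unknown' for the given alert lines."""
    fast = sum(1 for l in lines if parse_fast_line(l))
    full = sum(1 for l in lines if FULL_HEADER_RE.match(l.strip()))
    if fast and full:
        return "mixed"
    return "fast" if fast else "full" if full else "unknown"

def source_addresses(lines):
    """Unique source IPs, in order seen, that a fast-format reader could act on."""
    seen = []
    for l in lines:
        alert = parse_fast_line(l)
        if alert and alert["src"] not in seen:
            seen.append(alert["src"])
    return seen

# Constructed sample data (documentation address ranges), not real alerts.
FAST_SAMPLE = [
    "08/05-17:03:11.482913  [**] [1:1000001:1] Constructed ICMP test alert [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{ICMP} 192.0.2.5 -> 198.51.100.10",
    "08/05-17:04:02.115870  [**] [1:1000002:1] Constructed TCP test alert [**] "
    "[Priority: 0] {TCP} 192.0.2.7:40112 -> 198.51.100.10:22",
]
FULL_SAMPLE = [
    "[**] [1:1000001:1] Constructed ICMP test alert [**]",
    "[Classification: Attempted Information Leak] [Priority: 2]",
    "08/05-17:03:11.482913 192.0.2.5 -> 198.51.100.10",
]

if __name__ == "__main__":
    print(classify_alert_file(FAST_SAMPLE), source_addresses(FAST_SAMPLE))
```

A result of "full" or "unknown" with no source addresses matches the symptom in the thread: the reader opens the alert file but finds nothing to act on.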

