Snort mailing list archives
Re: General info
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 18 Sep 2001 09:28:08 -0700 (PDT)
On Tue, 18 Sep 2001, snortlst snortlst wrote:
> I couldn't find the explanation for pretty simple questions on the snort site, so maybe you can clarify this:
Actually, some of this is covered somewhere in the docs or the FAQ. :) I can't recall where right now, and I'm lacking enough coffee to go and check.
> 1. When you compare traffic to the rules what are the options - alerts are sent to syslog or database, or file, that's o.k., but can you for example drop connection if it conflicts with snort rules? What else can you do to malicious connections?
You can use flexresp to actually close or reset connections if they match a rule. Be warned, this isn't exact nor does it work perfectly. There are some issues you need to be aware of before starting with this... It's sorta like a loaded gun that doesn't look like a gun...
> 2. I don't think mysql is an option for me, is ACID simpler to configure than mysql?
ACID needs to have MySQL on the backend. Can't have any ACID without it, no matter what the Hippies in Berkeley tell us. ;-)
> 3. Can I generate HTML reports if I log to ACID?
Well... ACID generates nice PHP pages that can be viewed in a browser. If you want straight HTML, check out SnortSnarf and SnortReport (I think it does HTML, but I may be mistaken). Have a look on the website under downloads. You should find what you want there.

Hope this helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net