Snort mailing list archives
capture data
From: "Schmeits, Roger" <schmeits () clarksoncollege edu>
Date: Tue, 18 Sep 2001 12:38:50 -0500
In light of the latest IIS attack does anyone have any advice on capturing data? I am currently taking a SANS online course for intrusion detection and on the lookout for any good data for the practical. On the webserver I have snort installed and running with the following command line options -- snort -c snort.conf -db -l c:\snort\logs. Are there any other command line option/rules that I should be aware off? This was installed just last week with the lastest rules set. I will eventually transfer the data to a machine where I have snortsnarf installed and go from there. Thanks, Roger _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- capture data Schmeits, Roger (Sep 18)