Snort mailing list archives
Re: snortsnarf
From: James Hoagland <hoagland () SiliconDefense com>
Date: Thu, 12 Jul 2001 09:01:11 -0700
Hi Russ,

I figured a late response is better than no response, so here goes...

At 3:00 PM -0500 7/3/01, root wrote:
Well, this is what I'd like.... snortsnarf to work :P I've downloaded it, installed it, and have run it.... but it doesn't do the analysis efficiently. I have all the logs from snort being dumped to another location other than /var/log/snort, and snortsnarf doesn't want to do analysis of a single directory and then all of the recursive files and directories within it. Under its current condition I have to manually enter all of the files into snortsnarf when I'm looking for an automated process. Any help would be appreciated.
If I understand you correctly, you are trying to feed SnortSnarf your log files (i.e., the file with port numbers in the names inside directories named after IP addresses). This is not the input that SnortSnarf is set up for. Instead you will need to give it your alert file (e.g., produced by -A, either fast or full), or your syslog file (if you use -s or the config file equivalent).
Hope this helps,

Jim

--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland () SiliconDefense com *|
|* http://www.silicondefense.com/ *|
|* Silicon Defense - Technical Support for Snort *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
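To make the distinction in Jim's reply concrete, here is an added Python example (not code from the thread, and not part of SnortSnarf or Snort) that parses Snort's `-A fast` alert format, the kind of file SnortSnarf consumes, and rolls it up per signature the way SnortSnarf's summary pages do. It also shows a helper that recognises the dotted-quad directory names Snort's packet logger creates, which are the files the original poster was trying to feed in and which SnortSnarf does not read. The alert lines are constructed samples with documentation addresses, and the function and regex names are my own.

```python
import re

# Constructed sample of Snort "-A fast" alert output (not captured from a real sensor).
# Line layout: timestamp [**] [gid:sid:rev] message [**] [Classification: ...]
#              [Priority: n] {proto} src[:port] -> dst[:port]
SAMPLE_FAST_ALERTS = """\
07/03-15:00:01.123456 [**] [1:1234:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3456 -> 198.51.100.5:80
07/03-15:00:02.234567 [**] [1:1234:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3457 -> 198.51.100.5:80
07/03-15:00:03.345678 [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5
07/03-15:00:04.456789 [**] [1:1234:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.11:1025 -> 198.51.100.5:80
"""

# The [gid:sid:rev], Classification and Priority blocks are optional so that
# output from older Snort releases (which omitted some of them) still parses.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+)?"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alert(line):
    """Parse one -A fast alert line into a dict; return None for lines that do not match."""
    m = FAST_ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_alert_file(text):
    """Parse every alert line in a -A fast alert file, silently skipping non-alert lines."""
    return [a for a in (parse_fast_alert(l) for l in text.splitlines()) if a]


def summarise_by_signature(alerts):
    """SnortSnarf-style roll-up: per signature message, the alert count and the
    distinct source and destination addresses involved."""
    summary = {}
    for a in alerts:
        s = summary.setdefault(
            a["msg"],
            {"count": 0, "priority": a["prio"], "sources": set(), "destinations": set()},
        )
        s["count"] += 1
        s["sources"].add(a["src"])
        s["destinations"].add(a["dst"])
    return summary


def looks_like_packet_log_dir(name):
    """True for a directory name that is a dotted-quad IP address, i.e. one of the
    per-host directories Snort's packet logger writes.  Those hold decoded packets,
    not alerts, and are not valid SnortSnarf input."""
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", name) is not None


if __name__ == "__main__":
    for msg, s in summarise_by_signature(parse_alert_file(SAMPLE_FAST_ALERTS)).items():
        print(f"{s['count']:4d}  prio {s['priority']}  {msg}")
        print(f"      sources: {sorted(s['sources'])}  destinations: {sorted(s['destinations'])}")
```

Run against a real `alert` file by replacing `SAMPLE_FAST_ALERTS` with the file's contents; directory entries for which `looks_like_packet_log_dir` returns True are the packet-log tree the poster describes and can be skipped when locating SnortSnarf input.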
Current thread:
- snortsnarf root (Jul 03)
- Re: snortsnarf James Hoagland (Jul 12)