Re: RE: Logging to SnortSnarf, syslog server, or other htmlutility

[Jeff Holland <jeffrey_a_holland () raytheon com>]

<<Also, does anyone know of a real-time logging tool, you can actually watch
as packets get logged?>>

Try:  tail -f /var/log/messages

It's not glamorous, but it works...

-Jeff

Klimarchuk John wrote:

> Would anyone be able to provide information on to get Snort using the
> SnortSnarf logging utility?  Or any other logging tool for that matter, I
> have Snort logging to the syslog directory, and I have compiled SnortSnarf,
> however I do not see any logging going on.
>
> Also, does anyone know of a real-time logging tool, you can actually watch
> as packets get logged?
>
> -----Original Message-----
> From: Martin Roesch [mailto:roesch () sourcefire com]
> Sent: Tuesday, July 24, 2001 9:01 AM
> To: Tony M
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Limiting the events spp_stream4: WINDOW
> VIOLATION
>
> Update to the latest beta
> (http://www.snort.org/files/snort-1.8.1-beta4.tar.gz), tcp state
> problems have to be explicitly turned on (option
> "detect_state_problems") in the latest version.
>
>      -Marty
>
> Tony M wrote:
> > Is there any way to disable this message from the stream processor? it
> > is flooding my database with thousands of events.
> > ideally, i would like to find a way to either limit the number of events
> > that will be recorded or turn just this event off.
> > 30365  spp_stream4: WINDOW VIOLATION detection 192.168.2.1 15:39 07-23
> > 00:12 07-24
> >
> > Thanks
> > Tony
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> >
> > mQGiBDp+ShYRBADVja2c43SfOIy5jFuC+FJ2PSI5XBA7+LI1iXgUSw6hrBanWH6D
> > Ce3ZlcNlYmWG6HQwbi/UPNKfjmDjNuojJngmL6Yq8z2xN01SnM4jS3DkDfuIfLYU
> > AnIiSbF1IsKYAAp+oRcygEq4DiGnHj2SeTaNDGdJtwgsGNX6P2bNz5+riwCg/8wi
> > E8XIm6YKhRf48zP/bPd6AWEEAKN2Q9/6FlSz/s7Yuj9ddA+Nv9aSkJH+KjMLB2l6
> > +i4KC80KyM1QyqeNolE6hZBozRCX9kAYNHy7rbbnfq3uOYhgi784SGE+mH2tUyOB
> > Mt6HtpT1u9J7lNuLsJ+wDe4raJqnR8+ldelAY9mZ8wk0zjYkYEuMWYIsPXtUlYhV
> > I5lNA/9w/4SbUfQVZjqDzX8v6fLU18Fe6d0Xr2EyomAvew7539EIFwz9+B19ZuQL
> > tvgI2dla1ibEC1JlDcT9ELEt5M7uzUFiO3vWwr+tiFV2yU53NeN2tFyibCOPn35b
> > HltIH7kma6eC0SriM+Ske6elGugs9h+dWKNFZgtSexCNKmy537QaVG9ueSA8SVRv
> > bnlEZXZAamFiYmVyLm9yZz6JAE4EEBECAA4FAjqDdpUECwMCAQIZAQAKCRDQhfgG
> > 5ZSf69hYAJoCpBI9ritoPLsjHbXeoQDadYFG7gCgtM2tyR3f0SWwFdlosobsw8+F
> > /TyJAEYEEBECAAYFAjp+SkMACgkQfh1XONWHzsbKiwCgpeirkJRAyV6hhjjXX5eh
> > lRKyUtUAoLOJfkMY+GHfOIo+wviHHXQXhRdBtCJBbnRob255IE1vdWx0b24gPHRv
> > bnlAZXZlcmRldi5jb20+iQBOBBARAgAOBQI6g3aVBAsDAgECGQAACgkQ0IX4BuWU
> > n+uQmACeJalOIL36H5qr0ZjgDS5MwPFmU4MAoJ/16vrwviYMyv5P0cGNOZKnX59i
> > uQINBDp+ShYQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmP
> > QFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24
> > rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhO
> > SdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18
> > F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsC
> > RtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCACAJQ4lPMmHZUyTWt9C8JI3
> > 1ulSi74qWdqRYqn2jUy1I/hXMpAgRXcwpN7TxMGxzY3Osn6AtteDh67kh6aF22kD
> > 5IVPWnx03DoyYvUTS8dz1Xau04a0i+e4tSSDnrWaREREg+XlXPqRYkM+8M8p1X6C
> > i49IHC33zfkrUOsWqqHIypqq6CegJ/03eKR74RQud8E+iDaiwqpqQ477PEIthHdr
> > KjFDeqap5gnKwmUc8l4bqos1U20w16wrW9OnaAQA1+t+NEDEnreht1N/UJFdHQ6I
> > 0N1eyHEQsBlIe6RFrrIXvNHwfzCT7JzVFJG+TmZ8SMM1JZXV1UqtglG84/m6+2/x
> > iQBGBBgRAgAGBQI6fkoWAAoJENCF+AbllJ/rx1oAn3GPaKpxaA6/hVWe1StdlzY7
> > D3v1AJ9k2n40BCApVvp+Qb9JzYdCPbKInQ==
> > =lahV
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list
>
> --
> Martin Roesch
> roesch () sourcefire com
> http://www.sourcefire.com - http://www.snort.org
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users