Snort mailing list archives

RE: snort & acid how-to

From: Steve Halligan <agent33 () geeksquad com>
Date: Wed, 21 Nov 2001 11:57:03 -0600

Check out:
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
It is chock full o' answers to all of you DB/ACID related questions.

INSIDE or OUTSIDE depends on what you are hoping to detect.  INSIDE you can
see what you internal users are doing and see outside traffic that made it
inside.  OUTSIDE you can see inside traffic that made it out and outside
traffic BEFORE it gets filtered by your firewall/nat
box/ipchain/ipfilters/etc.

-Steve



i installed snort 1.7 on my FBSD machine...seems to be running ..however
...in the snort.conf ...i had it ( for the moment ) log to syslog...
question 1 is ....how do i  OR  is there a good "how-to " on getting snort
to work with mysql ...and acid ?
question 2  is ...I have it running on the INSIDE interface ( the box is
doing NAT)   should i be running it on the inside or outside interface ??
any and all help is GREATLY appreciated.    :-)

thanx

Brent

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort & acid how-to Brent (Nov 21)
- Re: snort & acid how-to Arvind Clemente (Nov 21)
- <Possible follow-ups>
- RE: snort & acid how-to Steve Halligan (Nov 21)