Snort mailing list archives

RE: bpf filter


From: "Ashley Thomas" <athomas () cc gatech edu>
Date: Mon, 3 Jun 2002 12:49:06 -0400

Try
icmp and not dst net x.x.x.x/24
That is the same as what you need, I guess.

-ashley


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Omolayo
Salako
Sent: Monday, June 03, 2002 11:34 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] bpf filter


 

I am trying to write a BPF filter and I get this error message; I am
doing it as root. Any pointers?


 snort -i eth4 not dst net 10.x.x.0/24 ip proto icmp 
Log directory = /var/log/snort

Initializing Network Interface eth4
WARNING: OpenPcap() device eth4 network lookup: 
        SIOCGIFADDR: eth4: Cannot assign requested address
ERROR: OpenPcap() FSM compilation failed: 
        parse error
PCAP command: not dst net 10.x.x.0/24 ip proto icmp
Fatal Error, Quitting..






-----Original Message-----
From: matt [mailto:mkettler () evi-inc com]
Sent: Saturday, June 01, 2002 2:35 PM
To: JEFF Collins; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Email alert and porscan.log on a daily
basis


Personally I have a small script in my daily cron that emails me the
logfiles and then rotates them.

My script is quick, dirty, and might not work for you, but the basic
crux of the script is below (and yes, I've modified my email address
to an invalid one in case someone is foolish enough to not change it :)
-----------------------------

SNORTLOGS=/var/log/snort

# Mail the current alert and portscan logs (change the address to your own)
mail -s"Snort: Alerts" mkettler_snort@evi-inc.com < ${SNORTLOGS}/alert
mail -s"Snort: Portscans Summary" mkettler_snort@evi-inc.com < ${SNORTLOGS}/log

# Rotate the alert file, keeping two older copies
rm ${SNORTLOGS}/alert.2
mv ${SNORTLOGS}/alert.1 ${SNORTLOGS}/alert.2
mv ${SNORTLOGS}/alert ${SNORTLOGS}/alert.1

# Rotate the portscan log the same way
rm ${SNORTLOGS}/log.2
mv ${SNORTLOGS}/log.1 ${SNORTLOGS}/log.2
mv ${SNORTLOGS}/log ${SNORTLOGS}/log.1


At 03:52 PM 5/31/2002 -1000, JEFF Collins wrote:
I would like to set up SNORT to email the alert and portscan
information for each day, on a daily basis, to multiple recipients.
Does anyone have recommendations on a good way to go about doing
this?

Thanks,

Jeff


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas --
http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


