Snort mailing list archives

Re: CSV problem on Window! (fwd)


From: Erek Adams <erek () snort org>
Date: Mon, 17 Mar 2003 09:09:58 -0500 (EST)


Hrm...  Some error stopped this from getting to the list.  Resending.

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

---------- Forwarded message ----------
Date: Mon, 17 Mar 2003 08:54:15 -0500 (EST)
From: Erek Adams <erek () snort org>
To: "Héroux, Christian" <Christian.Heroux () etsmtl ca>
Cc:
Subject: Re: [Snort-users] CSV problem on Window!

On Fri, 14 Mar 2003, "Héroux, Christian" wrote:

> I am a new user of snort. I am presently evaluating the use of snort to
> collect syslog.  I didn't find any rules defined for that but I have
> heard of people using it that way.

Rules don't matter.  Syslog is an output mechanism.  That doesn't interact
with rules in any way.  It only dumps output to whatever output mechanism.

> From what I understand, syslog alert doesn't work on Windows; some bug
> was found. Right?

No, it worked, it just wouldn't work remotely.  1.9.1 has had Frank's
patch added in, so that's not an issue.

> For CSV the plugin name is alert_CSV and not just
> CSV? But now with the right command "output alert_CSV syslog.txt
> default" snort seems to crash if there is the default keyword. I didn't
> find any people complaining about that. Did that happen to someone? Also
> in CSV format how can I get the payload of the packet in one CSV field?

CSV and Syslog output plugins don't have anything to do with one another.

If you look at the manual [0], you'll see here [1] that the CSV
plugin does not dump packet payload.  Only the items listed.

As for your crash, what errors does it give you?

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/writing_rules/
[1]     http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.9

