Snort mailing list archives

RE: Win users - HELP


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 13 Jan 2003 14:26:37 -0500

John,  

You cannot mix command line output parameters (e.g., -A fast, -b, -s, etc.)
with output parameters in the snort.conf file (e.g., ); the command line
parameters will override those in the snort.conf file.  It is my
understanding that this functionality is by design.  

If you want to log alert data to a CSV file, drop the output command line
parameter '-s localhost' and only specify the CSV output plugin in the
snort.conf file:  

    output CSV: C:\snort\log\alert.csv default  

The plugin requires two arguments: a full pathname to a file and the output
formatting option.  The output formatting option of 'default' will capture
all alert data.  Check out the snort docs for more information
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.9.  

Hope this helps.  

Christopher 
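
Added example, not part of the original message or of Snort itself: a small Python check for the conflict described in the reply above, where an output option on the command line overrides the `output` plugin lines in snort.conf. It only looks for the three options the reply names (-A, -b, -s); the function names, the sample snort.conf fragment and the `C:\snort\etc\snort.conf` path are constructed for illustration.

```python
import re

# Output options named in the reply above; per that reply, any of these on
# the command line overrides the "output" plugin lines in snort.conf.
CLI_OUTPUT_FLAGS = ("-A", "-b", "-s")
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:?\s*(.*?)\s*$")

def conf_output_plugins(conf_text):
    """Return (plugin, arguments) for every uncommented 'output' line."""
    plugins = []
    for line in conf_text.splitlines():
        match = OUTPUT_RE.match(line.split("#", 1)[0])  # drop '#' comments
        if match:
            plugins.append((match.group(1), match.group(2)))
    return plugins

def cli_output_options(command_line):
    """Return the output options found on a Snort command line.

    Assumes options are written as separate tokens, as in the thread
    (for example '-s localhost'), not bundled like '-bs'.
    """
    tokens = command_line.split()  # plain split keeps Windows backslashes
    found = []
    for i, tok in enumerate(tokens):
        if tok in CLI_OUTPUT_FLAGS:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            takes_value = tok != "-b" and nxt and not nxt.startswith("-")
            found.append(tok + (" " + nxt if takes_value else ""))
    return found

def overridden_plugins(command_line, conf_text):
    """snort.conf output plugins that the command line would override."""
    return conf_output_plugins(conf_text) if cli_output_options(command_line) else []

# Constructed sample input (not taken from the poster's machine).
SAMPLE_CONF = r"""
var HOME_NET any
# output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: C:\snort\log\alert.csv default
"""
BROKEN_CMD = r"snort -l ./log -s localhost -c C:\snort\etc\snort.conf"
FIXED_CMD = r"snort -l ./log -c C:\snort\etc\snort.conf"

if __name__ == "__main__":
    for cmd in (BROKEN_CMD, FIXED_CMD):
        lost = overridden_plugins(cmd, SAMPLE_CONF)
        print(cmd)
        print("  overridden plugins:", lost if lost else "none")
```
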


-----Original Message-----
From: Sh J [mailto:shay_work () yahoo com]
Sent: Saturday, January 11, 2003 5:54 PM
To: L. Christopher Luther
Subject: RE: Win users - HELP


Hello Christopher, 

Nice to write to you. Thanks for the answer. 
I'm using the compiled version Snort-1.9.0-win32.exe and I managed to log alerts
to a log file (packet logger, -l ./log) and to a syslog file (-s localhost) on the
local machine. 

Hope that helps you. Thanks anyway. 

John 
 
 "L. Christopher Luther" <CLuther () Xybernaut com> wrote: 

John,  

Can you be a little more specific:  

Where did you get the distro of Snort?  

Was it precompiled?  

You say you're getting alerts, how do you know?  Are you also logging
somewhere else, and if so, how?  


Regards, 

Christopher 


-----Original Message----- 
Date: Fri, 10 Jan 2003 05:26:29 -0800 (PST) 
From: Sh J <shay_work () yahoo com> 
To: Snort-users () lists sourceforge net 
Subject: [Snort-users] Win users - HELP 


Hello you all, 

I really need you all, Win users. I'm running Snort 1.9 on Win2000, all OK, until
I tried to log all the alerts to a CSV file: nothing is written into the file, and
I get alerts. 
Does anyone have an idea? Do I need to install something, or is it already built
into Snort? 

Has someone managed to do that? 

And what about SNMP traps with Windows????? 

Any help will do, THANKS 

John 
