Snort mailing list archives
RE: Snort Event Ids on win2000
From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 27 May 2003 20:19:15 -0700
C,

Not real sure what you're trying to do here. If you have Snort configured to log to Syslog then you will only get a single line of text from the actual alert. Logging to Syslog is generally used for emailing alerts based on a specific pattern.

You can use ACID or Snortsnarf to view the complete alert, but you will need to set up a viewer like ACID or Snortsnarf (there are others).

The actual alert.ids file (Snort log) can be found in the /log folder where you specified the -l in your run line.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of C Wells
Sent: Tuesday, May 27, 2003 5:10 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort Event Ids on win2000

Is there documentation of the Snort Event Ids that one could find in the Application Event Log of Windows 2000?

If Snort doesn't write to the Event log on win2000, where might I find 'log' type information?

Thanks

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users