Snort mailing list archives

RE: Newbie Question on using snort


From: "Sp0oKeR Labs" <spooker () spooker com br>
Date: Wed, 12 Nov 2003 12:21:59 -0200

    Try
    http://www.snort.org/docs/
    There is a lot of documentation.


Best Regards,

Sp0oKeR

  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On behalf of IS Technical
Services
  Sent: Wednesday, November 12, 2003 11:13
  To: Snort-Users (E-mail)
  Subject: [Snort-users] Newbie Question on using snort


  I've been given the job of setting up snort in our environment and I've
managed to get it all working on windows - 2 slave sensors logging to a
master sensor. It produces alerts although maybe not as many as I'd expect
but anyway. I've also got and read most of Brian Caswell's Snort 2.0 book.
What I'm trying to find though are some good websites or books that explain
how to customise the snort installation and why you would leave out certain
rules and include others. Additionally, I'm also interested in finding
information on how to read the alerts or rather what is alert xyz actually
telling me.

  Apologies if these are fairly brain-dead questions but my network analysis
experience is fairly limited.

  thanks

  Rupert Broad



