Snort mailing list archives

RE: Snort Logs


From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Tue, 14 Oct 2003 13:34:00 -0500

I am very new to snort and I am using it in a Windows environment (maybe
that is my problem) :-0

But I am having a devil of a time with these logs.  ANY HELP would be
appreciated.

I am not using MySQL (yet) for the keeping of the logs but I am having
trouble reading the Snort logs that are created.

Here is the type of logs I have:

--scan.log (text format.  Very cryptic and not really clear on what was
seen or alarmed.  I specifically would like to know what the sport:,
dport:, tgts:, ports:, flags:, event_id: fields mean)

AND, the following (tcpdump format, maybe?  How do I read it?  Ethereal
doesn't know what to do with the file.):

--snort.alert.#########
--snort.log.#########
--snort.suspicious.#########

AND one file that apparently is in tcpdump format that Ethereal can
read:

--tcpdump.log.#########

I don't have many rules even turned on at this point and because I can't
read the logs I don't know what else needs to be "tweaked" in Snort.
Any assistance would be GREATLY appreciated.

Thanks,

Michael Martin
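An added example (not part of this post, and not Snort's own tooling) that pulls the fields the post asks about out of a portscan2-style scan.log and rolls them up per source address; the line layout in the comment and the sample entries are assumptions/constructed, so adjust the regex if your file differs.

```python
import re
from collections import defaultdict

# Assumed layout of one portscan2 scan.log entry (constructed; the field names
# are the ones quoted in the post, real spacing may differ slightly):
#   MM/DD-HH:MM:SS.usec PROTO src: A dst: B sport: N dport: N
#   tgts: N ports: N flags: XXXXXXXX event_id: N
SCAN_LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(?P<proto>\w+)\s+"
    r"src:\s*(?P<src>\S+)\s+dst:\s*(?P<dst>\S+)\s+"
    r"sport:\s*(?P<sport>\d+)\s+dport:\s*(?P<dport>\d+)\s+"
    r"tgts:\s*(?P<tgts>\d+)\s+ports:\s*(?P<ports>\d+)\s+"
    r"flags:\s*(?P<flags>\S+)\s+event_id:\s*(?P<event_id>\d+)\s*$"
)

def parse_scan_line(line):
    """Parse one entry into a dict; return None for lines that don't match."""
    m = SCAN_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "tgts", "ports", "event_id"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Per source: hosts and ports actually logged, the largest tgts/ports
    counters reported (read here as running distinct-target/port counts,
    an assumption), and the TCP flag strings of the triggering packets."""
    by_src = defaultdict(lambda: {"hosts": set(), "dports": set(),
                                  "flags": set(), "max_tgts": 0, "max_ports": 0})
    for line in lines:
        rec = parse_scan_line(line)
        if rec is None:
            continue  # skip headers, blank lines, anything not an entry
        s = by_src[rec["src"]]
        s["hosts"].add(rec["dst"])
        s["dports"].add(rec["dport"])
        s["flags"].add(rec["flags"])
        s["max_tgts"] = max(s["max_tgts"], rec["tgts"])
        s["max_ports"] = max(s["max_ports"], rec["ports"])
    return dict(by_src)

# Constructed sample: one source touching three ports across two hosts.
SAMPLE = """\
10/14-13:34:00.000001 TCP src: 192.0.2.10 dst: 192.0.2.50 sport: 40001 dport: 21 tgts: 1 ports: 1 flags: ******S* event_id: 0
10/14-13:34:00.000450 TCP src: 192.0.2.10 dst: 192.0.2.50 sport: 40002 dport: 22 tgts: 1 ports: 2 flags: ******S* event_id: 1
10/14-13:34:00.000900 TCP src: 192.0.2.10 dst: 192.0.2.51 sport: 40003 dport: 80 tgts: 2 ports: 3 flags: ******S* event_id: 1
not a scan line at all
"""
```

Run `summarize(open("scan.log").readlines())` against a real file; sources whose max_ports climbs far beyond the handful of dports a host legitimately serves are the ones worth a closer look.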



