Re: RE: Snort Logs

["Nick Oliver" <nwoliver () internetsecurityguru com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are not going to go the Linux/Snort/MySQL/Acid route, go to
www.swordsoft.com and try Eric Knight's Visual Intrusion Analyzer..
It may prove to be helpful.  If you decide to go the Linux route, go
to www.internetsecurityguru.com and try the install paper that
Patrick Harper has written. It is very suitable for a newbie to both
Linux and Snort.
nwo
- ----- Original Message ----- 
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, October 14, 2003 1:34 PM
Subject: [Snort-users] RE: Snort Logs


> I am very new to snort and I am using it in a Windows environment
> (maybe that is my problem) :-0
>
> But I am having a devil of a time with these logs.  ANY HELP would
> be appreciated.
>
> I am not using MySQL (yet) for the keeping of the logs but I am
> having trouble reading the Snort logs that are created.
>
> Here is the type of logs I have:
>
> --scan.log (text format.  Very criptic and not really clear on what
> was seen or alarmed.  I specifically would like to know what the
> sport:, dport:, tgts:, ports:, flags:, event_id:)
>
> AND, the following (tcpdump format, maybe?  How do read it? 
> Ethereal doesn't know what do with the file.):
>
> --snort.alert.#########
> --snort.log.#########
> --snort.suspicious.#########
>
> AND one file that apparently is in tcpdump format that Ethereal can
> read: --tcpdump.log.#########
>
> I don't have many rules even turned on at this point and because I
> can't read the logs I don't know what else needs to be "tweaked" in
> Snort. Any assistance would be GREATLY appreciated.
>
> Thanks,
>
> Michael Martin
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> SourceForge.net hosts over 70,000 Open Source Projects.
> See the people who have HELPED US provide better services:
> Click here: http://sourceforge.net/supporters.php
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP4xgPoh2YiHWR3orEQLO7ACcD4qsPFlcxthN7vOJjL0d4sQWg6EAoOGO
/Rs9Vl3Rt1PD/b9iAx/pkjAu
=IYsa
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users