Snort mailing list archives
Re: RE: Snort Logs
From: "Nick Oliver" <nwoliver () internetsecurityguru com>
Date: Tue, 14 Oct 2003 15:44:48 -0500
If you are not going to go the Linux/Snort/MySQL/Acid route, go to www.swordsoft.com and try Eric Knight's Visual Intrusion Analyzer. It may prove to be helpful. If you decide to go the Linux route, go to www.internetsecurityguru.com and try the install paper that Patrick Harper has written. It is very suitable for a newbie to both Linux and Snort.

nwo

----- Original Message -----
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, October 14, 2003 1:34 PM
Subject: [Snort-users] RE: Snort Logs
I am very new to Snort and I am using it in a Windows environment (maybe that is my problem) :-0 But I am having a devil of a time with these logs. ANY HELP would be appreciated. I am not using MySQL (yet) for the keeping of the logs, but I am having trouble reading the Snort logs that are created. Here is the type of logs I have:

--scan.log (text format. Very cryptic and not really clear on what was seen or alarmed. I specifically would like to know what the sport:, dport:, tgts:, ports:, flags:, and event_id: fields mean)

AND, the following (tcpdump format, maybe? How do I read it? Ethereal doesn't know what to do with the file.):
--snort.alert.#########
--snort.log.#########
--snort.suspicious.#########

AND one file that apparently is in tcpdump format that Ethereal can read:
--tcpdump.log.#########

I don't have many rules even turned on at this point and because I can't read the logs I don't know what else needs to be "tweaked" in Snort. Any assistance would be GREATLY appreciated.

Thanks,
Michael Martin

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
Current thread:
- Snort Logs Martin Jr., D. Michael (Oct 14)
- <Possible follow-ups>
- RE: Snort Logs Martin Jr., D. Michael (Oct 14)
- Re: RE: Snort Logs Nick Oliver (Oct 14)
- RE: Snort Logs grant (Oct 17)