Snort mailing list archives

RE: Snort Logs


From: "grant" <grant () macaulayconsultants co uk>
Date: Fri, 17 Oct 2003 08:47:59 +0100

Set up SnortSnarf 021111.1 with ActivePerl build 635. Remove any output plugins from snort.conf and use the default 
alert.ids. Scan.log is from the portscan preprocessors; this also puts an entry in alert.ids, so just go with this for 
starters. You do not need to run a web site to read the HTML reports. SnortSnarf changes a 25 Mbyte log into a 200 Mbyte 
report. It also likes to have enough memory. Once you have tuned rules, alert.ids is not very big at all.
 
Grant

        -----Original Message----- 
        From: snort-users-admin () lists sourceforge net on behalf of Martin Jr., D. Michael 
        Sent: Tue 14/10/2003 14:42 
        To: snort-users () lists sourceforge net 
        Cc: 
        Subject: [Snort-users] Snort Logs
        
        
         

