Snort mailing list archives

Previous By Date Next
Previous By Thread Next

consult some questions about snort

From: fan wu <conjurer1981 () yahoo com cn>
Date: Sun, 15 Oct 2006 18:44:37 +0800 (CST)
I have configured a snort system (snort 2.4.5)on my computer for debian 
system. Now I am using it and I have some questions.I 
want to  consult them.

   1st: in  debug.h,there  is  a  macro definition

  #define    DebugMessage    DebugMessageFile = __FILE__; 
 DebugMessageLine = __LINE__; DebugMessageFunc
 
   what  does  that  mean?
 
 2nd: in the snort.conf ,I  set  the  output alert_unified 
file and  output log_unified file to be snort.alert and 
snort.log.I am surprised that the content in these files are
 odd characters,which I can't read.
 
 Do the packets' content first encrypted then stored in 
these files?
  
3rd:  what does the time window stand for?I guess it means 
the used time today.Am I right?

4th:  in the snort.conf,I set the HOME_NET localhost,but 
many other IPs appears.These IPs are in the same B-type net.
 

  I am looking for reply,  

 thanks.

                
---------------------------------
 Mp3疯狂搜-新歌热歌高速下   
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: