Re: Snorby and Snort

[JJC <cummingsj () gmail com>]

The hostname option is in the BY2 config also, IIRC

On Thu, Nov 11, 2010 at 9:00 AM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:
> Thank you.  This has been done.  I am not seeing a Hostname called unknown:eth1.  It now has 844 events and was 
> plugged in less than 20 minutes ago so I believe something is working.  Is there a way to name that unknown:eth1 
> hostname to something meaningful without putting an ip address on it?
>
> Also, I am very knew at this so this is quite an accomplishment for the whole team.  I appreciate everyone's help.
>
> Thank you.
>
> Dwane
>
> -----Original Message-----
> From: JJC [mailto:cummingsj () gmail com]
> Sent: Thursday, November 11, 2010 9:24 AM
> To: Joel Esler
> Cc: Atkins, Dwane P; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snorby and Snort
>
> Further, you can specify what interface that barnyard is populating
> the database with, read through the config file (this assumes that you
> have the correct value for -i when you start snort).
>
> JJC
>
> On Wed, Nov 10, 2010 at 1:56 PM, Joel Esler <jesler () sourcefire com> wrote:
> > Snort will need the correct interface passed to it on the command line with
> > the -i tag.
> >
> >
> > Sent from my iPhone
> > On Nov 10, 2010, at 3:50 PM, "Atkins, Dwane P" <ATKINSD () uthscsa edu> wrote:
> >
> > This may be a stupid question now, but I decided to try the Snort/Snorby
> > setup and my only issue at this point is it appears that, on the GUI, it
> > only sees events on our management port instead of the other NIC which is in
> > promiscuous mode.
> >
> >
> >
> > Are there any modifications I can make to make this a smoother setup?
> >
> >
> >
> > Thank you
> >
> >
> >
> > Dwane
> >
> > ------------------------------------------------------------------------------
> > The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> > David G. Thomson, author of the best-selling book "Blueprint to a
> > Billion" shares his insights and actions to help propel your
> > business during the next growth cycle. Listen Now!
> > http://p.sf.net/sfu/SAP-dev2dev
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > ------------------------------------------------------------------------------
> > The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> > David G. Thomson, author of the best-selling book "Blueprint to a
> > Billion" shares his insights and actions to help propel your
> > business during the next growth cycle. Listen Now!
> > http://p.sf.net/sfu/SAP-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
http://p.sf.net/sfu/dell-eql-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users