Snort mailing list archives

Let's talk about ....


From: PR <oly562 () gmail com>
Date: Sat, 06 Oct 2012 19:42:14 -0700

Let's talk about:

local.rules, snort.rules, alert, and snort.log

I have one local.rule defined. The basic - hey, I'm getting pinged...

I have successfully allowed pp.pl to update my snort.rules....

When I hit my server from my remote OpenVAS server, all I get is an increase in the file size of alert and snort.log. Of course I cannot see snort.logs yet....
However, I only see alert showing pings.

Now, openvasd/client hits it with over 10,000 separate checks, and I'm sure there are more than just pings being used...

Now, snort is supposed to log probes, pings, attacks, logins, and so on and so forth for sigs in the data packets in some place or another, but my point is, I'm only seeing ping alerts in alert, that's it, ICMP yadda...

I'm not seeing anything worth actually logging to the mysql server, not there yet either... I'm setting up BASE now, to somehow get data from snort.log or alert to the mysql db. That's the plan... just like it used to work :)

However, right now, I'm pretty sure I would like to view something readable to the human eye...

1. Isn't barnyard2 supposed to be able to allow you to view the sigs/data, or does it just say ICMP yadda...

2. Do I need to do anything with my snort.rules, like cat snort.rules >> local.rules ??

3. How do I get data from barnyard2 to my db to view in a pretty browser GUI like BASE, snortreport, or jpgraph?

I'll read up on those; now I know snort.log and alert are actually grabbing data, and barnyard2 states:

Opened spool file '/var/log/snort/snort.log.1349576556'
Waiting for new data

Suggestions? For 1, 2, 3?


I'll read a bit in the meantime, the snort 2.9.3 manual and various other manuals for jpgraph/barnyard2/etc...

Thanks guys...
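As an added example (not from the original post, nor the Snort or barnyard2 projects' own configs), here is a minimal unified2 -> barnyard2 -> MySQL chain covering questions 1 to 3: Snort writes the binary spool file that barnyard2 is already opening, and barnyard2 decodes each event into a readable alert line and an insert into the database BASE reads. File paths, the database name and the credentials are assumptions; Snort loads every file named by an include line, so snort.rules does not need to be appended to local.rules.

```conf
# --- snort.conf (added example; paths assumed) ---
# Write binary unified2 records; barnyard2 reads these as its spool files,
# e.g. /var/log/snort/snort.log.<timestamp>.
output unified2: filename snort.log, limit 128

# Both rule files are loaded as they are; no need to cat snort.rules >> local.rules.
include $RULE_PATH/snort.rules
include $RULE_PATH/local.rules

# --- barnyard2.conf (added example; paths and DB credentials are placeholders) ---
# The map files let barnyard2 print the rule message and classification
# for each event instead of bare generator/signature IDs.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

input unified2

# Human-readable copy of every event (question 1).
output alert_fast: /var/log/snort/barnyard2.alert

# Insert the same events into MySQL for BASE (question 3); replace CHANGE_ME.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Run barnyard2 against the spool directory (assumed paths). The waldo file
# records how far into the spool it has read, so restarts do not re-insert events:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log \
#             -w /var/log/snort/barnyard2.waldo
```

The "Opened spool file ... Waiting for new data" lines quoted above are what barnyard2 prints once it is tailing the unified2 file; new alerts should then appear in both the alert_fast file and the database.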
