Snort mailing list archives

Re: general questions


From: Mohammad MontazerI <mohamad_montazery () yahoo com>
Date: Fri, 29 Mar 2013 12:40:32 -0700 (PDT)

I know.
But Snort has a packet sniffer, so I can use it as an IDS and for network traffic shape, can't I?
If it's not for this kind of need, then what is the log file used for?
Why does Snort even create a log file from network traffic?




________________________________
 From: Jeremy Hoel <jthoel () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com> 
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> 
Sent: Friday, March 29, 2013 11:36 PM
Subject: Re: [Snort-users] general questions
 
That's not the purpose of snort..

network traffic shape and flows is nflow/rflow/ntop/argus type tools.

to see what websites people are visiting.. try bro, httpry (httproxy)
and other such tools..

snort is not the tool for these needs.


On Fri, Mar 29, 2013 at 6:56 PM, Mohammad MontazerI
<mohamad_montazery () yahoo com> wrote:
I want to use the data to find out the network traffic shape,
such as: who goes where, users' most visited websites and ...
For this purpose, how should I output the data?


________________________________
From: Jeremy Hoel <jthoel () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Sent: Friday, March 29, 2013 10:52 PM

Subject: Re: [Snort-users] general questions

You need to look at the snort.conf in the output section and see how
snort outputs its data.. it can output data in plain text, binary and
unified.  you could use a SIEM tool to read the plain text, barnyard
for the unified and there's a tool for the binary too..

you need to figure out how you want to use the data in order to
determine how to output it.


On Fri, Mar 29, 2013 at 4:59 PM, Mohammad MontazerI
<mohamad_montazery () yahoo com> wrote:

Which log files would you like to read?
I thought there is just one log file!

However, I used this command:
./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf

and it created two files:
alert and a log file.
I'm trying to read this log file.

________________________________
From: Heine Lysemose <lysemose () gmail com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com>
Cc: snort-users () lists sourceforge net
Sent: Friday, March 29, 2013 8:19 PM
Subject: Re: [Snort-users] general questions

You can use pulledpork to manage your rules.
Which log files would you like to read?
/Lysemose
On Mar 29, 2013 4:44 PM, "Mohammad MontazerI"
<mohamad_montazery () yahoo com>
wrote:



________________________________

Hello dear all.
I had a few questions, some of which have been answered but some have
not.

1- Which rule manager is better and where can I download it?
2- Is there any software which I can use to read the log
files? (something that gives more options)

Thanks.






------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete
for recognition, cash, and the chance to get your game on Steam.
$5K grand prize plus 10 genre and skill prizes. Submit your demo
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
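
An added example, not part of the original thread or of Snort: when Snort writes its packet log in binary mode, the file is in tcpdump/libpcap format, so a short script can tally who talks to whom from it. This assumes a classic pcap file with Ethernet framing; `top_talkers` and `sample_pcap` are names made up here, and the sample bytes are constructed rather than captured.

```python
import collections
import io
import socket
import struct

def top_talkers(stream):
    """Count (src, dst) IPv4 pairs in a classic pcap stream with Ethernet frames."""
    header = stream.read(24)
    magic = header[:4]
    if len(header) < 24 or magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    if linktype != 1:  # 1 = Ethernet; other captures need a different offset
        raise ValueError("unsupported link type %d" % linktype)
    pairs = collections.Counter()
    while True:
        rec = stream.read(16)  # per-packet header: sec, usec, caplen, origlen
        if len(rec) < 16:
            break
        caplen = struct.unpack(endian + "IIII", rec)[2]
        frame = stream.read(caplen)
        if len(frame) < caplen:
            break  # file truncated, e.g. sensor stopped mid-write
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4, 20-byte minimum IP header
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        pairs[(socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))] += 1
    return pairs

def sample_pcap():
    """Constructed sample: three IPv4 frames and one ARP frame, not real traffic."""
    def frame(src, dst, ethertype=b"\x08\x00"):
        ip = b"\x45" + b"\x00" * 11 + socket.inet_aton(src) + socket.inet_aton(dst)
        return b"\x00" * 12 + ethertype + ip
    frames = [frame("192.168.1.10", "203.0.113.5"),
              frame("192.168.1.10", "203.0.113.5"),
              frame("192.168.1.20", "198.51.100.7"),
              frame("192.168.1.20", "198.51.100.7", b"\x08\x06")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst), n in top_talkers(io.BytesIO(sample_pcap())).most_common():
        print(src, "->", dst, n)
```

To run it against a real log, pass a file opened in binary mode instead of the constructed sample; a plain-text (ASCII) log or a unified file will be rejected by the magic-number check.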






