Snort mailing list archives

Re: @snort log


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 06 Jul 2013 09:36:15 -0400

On 7/6/2013 07:52, anagha b wrote:
> Hi all
>
> Got snort running but every time i start snort i have to set library path for
> libdnet.1
>
> I am getting file snort.u2.1373105384 format in /var/log/snort.
>
> how to read these files?

U2 files are a combination log format... you must use a tool like barnyard to 
break them apart and place them into a database... then you use tools to read 
the database for correlation of the events...

> I searched on net but not getting.
>
> I want to see snort log should i go for snorby for viewing it?
>
> Plz provide link to use gui with snort.

[pedantic] you are not looking for a GUI strictly for snort. that implies a GUI 
that only controls snort, snort's configs and possibly the rules files...[/pedantic]

it sounds like you are instead looking for a GUI to interface to the alert 
database... snorby is one of numerous such tools... you might want to look at 
security onion which contains several GUI interfaces so you can choose which 
one(s) you want or need to use... each has its good points and bad points... 
some are hard to configure but offer a huge range of capabilities while others 
are easy to configure but offer a limited set of abilities...

   http://securityonion.blogspot.com/

NOTE: i have not looked at security onion and do not use it at this time...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
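
The reply above describes U2 files as a combined format that a tool has to break apart. As an added example (not part of the original post, and not Snort or barnyard code), this minimal reader walks the unified2 record framing and decodes the legacy IPv4 event (type 7) and packet (type 2) records. The field layout is assumed from Snort 2.9's unified2 definitions, the sample bytes are constructed, and other record types are only counted.

```python
import ipaddress
import struct
from datetime import datetime, timezone

HEADER = struct.Struct(">II")          # record type, payload length (network byte order)
IDS_EVENT = struct.Struct(">11I2H4B")  # type 7: legacy IPv4 event body, 52 bytes
PACKET = struct.Struct(">7I")          # type 2: fixed fields ahead of the raw packet bytes
TYPE_PACKET, TYPE_IDS_EVENT = 2, 7

def read_records(buf):
    """Yield (type, payload) per complete record; stop at a truncated tail."""
    off = 0
    while off + HEADER.size <= len(buf):
        rtype, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if off + length > len(buf):    # Snort may still be writing this record
            break
        yield rtype, buf[off:off + length]
        off += length

def decode(buf):
    """Turn a unified2 byte string into a list of dicts, one per record."""
    out = []
    for rtype, body in read_records(buf):
        if rtype == TYPE_IDS_EVENT and len(body) >= IDS_EVENT.size:
            f = IDS_EVENT.unpack_from(body)
            out.append({"kind": "event", "event_id": f[1], "gid": f[5], "sid": f[4],
                        "rev": f[6], "priority": f[8], "proto": f[13],
                        "time": datetime.fromtimestamp(f[2], timezone.utc).isoformat(),
                        "src": f"{ipaddress.IPv4Address(f[9])}:{f[11]}",
                        "dst": f"{ipaddress.IPv4Address(f[10])}:{f[12]}"})
        elif rtype == TYPE_PACKET and len(body) >= PACKET.size:
            f = PACKET.unpack_from(body)   # f[6] is the captured packet length
            out.append({"kind": "packet", "event_id": f[1], "linktype": f[5],
                        "data": body[PACKET.size:PACKET.size + f[6]]})
        else:                          # IPv6, VLAN, extra-data records: not decoded here
            out.append({"kind": "other", "type": rtype, "length": len(body)})
    return out

def constructed_sample():
    """Constructed bytes, not a real capture: one event, its packet, a cut-off record."""
    src, dst = (int(ipaddress.IPv4Address(a)) for a in ("192.0.2.10", "198.51.100.5"))
    ev = IDS_EVENT.pack(0, 1, 1373105384, 0, 1000001, 1, 1, 0, 2,
                        src, dst, 40000, 80, 6, 0, 0, 0)
    raw = b"\x00" * 14                 # placeholder frame bytes
    pk = PACKET.pack(0, 1, 1373105384, 1373105384, 0, 1, len(raw)) + raw
    return (HEADER.pack(TYPE_IDS_EVENT, len(ev)) + ev +
            HEADER.pack(TYPE_PACKET, len(pk)) + pk +
            HEADER.pack(TYPE_IDS_EVENT, 52) + b"\x00" * 10)
```

Event and packet records share an `event_id`, which is how a reader pairs an alert with the packet that triggered it; the signature message text is not stored in the file and has to be looked up from the sid.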
