Snort mailing list archives

Re: Snort Alert Processing Survey

From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 14 Mar 2017 17:50:54 -0600

On Tue, 2017-03-14 at 13:48 -0700, m-one wrote:

1.  I'm wondering how the vast millions of Snort Users are monitoring
Snort alerts?  So please, let's here it -- how are you answering the
question is my Snort application effective?  Where do you look to
examine Snort Alerts?

tail -f snort.fast
sguil for interesting hits (doesn't show portscany noise)
James
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

BASE 1.4.5 Non-Operational on Fedora 25 m-one (Mar 13)
- Re: BASE 1.4.5 Non-Operational on Fedora 25 Marcin Dulak (Mar 13)
  - Snort Alert Processing Survey m-one (Mar 14)
    - Re: Snort Alert Processing Survey James Lay (Mar 14)
    - Re: Snort Alert Processing Survey wkitty42 (Mar 15)
    - Re: Snort Alert Processing Survey Jack Pepper (Mar 15)
    - Re: Snort Alert Processing Survey Marcin Dulak (Mar 15)
    - Re: Snort Alert Processing Survey eagleliujin () 163 com (Mar 16)
    - Re: Snort Alert Processing Survey Gregory (Greg) Nowicki (Mar 21)
    - Snort Bridge in Snort-IPS-Tutorial.pdf B (Mar 26)
    - Bridging issue inline B (Mar 28)
    - Re: Bridging issue inline wkitty42 (Mar 28)
    - Message not available
    - Message not available
    - Re: Bridging issue inline B (Mar 29)
    - Re: Snort Alert Processing Survey Jim Hranicky (Mar 27)