
RE: [Snort-sigs] Snort Logs

From: Martin Jr., D. Michael <martinm(at)montevallo.edu>
Date: Mon Oct 13 2003 - 12:02:58 EDT


I have tried the switch as you have indicated with the -x. I still get the logs in that unreadable format.

Help???

Michael

-----Original Message-----

From: Robert Wagner [mailto:rwagner@eruces.com] Sent: Monday, October 13, 2003 9:16 AM
To: Martin Jr., D. Michael
Subject: RE: [Snort-sigs] Snort Logs

Try using Snort with the -X option:

       -X          Dump the raw packet data starting at the link layer. This
                   switch overrides the

       -l log-dir  Set the output logging directory to log-dir. All plain
                   text alerts and packet logs go into this directory. If this
                   option is not specified, the default logging directory is
                   set to /var/log/snort.

-----Original Message-----

From: Martin Jr., D. Michael [mailto:martinm@montevallo.edu] Sent: Monday, October 13, 2003 8:57 AM
To: snort-sigs@lists.sourceforge.net
Subject: [Snort-sigs] Snort Logs

As I have stated before, I am very new to snort and I am using it in a Windows environment (maybe that is my problem) :-0

But I am having a devil of a time with these logs. ANY HELP would be appreciated.

I am not using MySQL (yet) for the keeping of the logs but I am having trouble reading the Snort logs that are created.


Here is the type of logs I have:

--scan.log (text format. Very cryptic and not really clear on what was seen or alarmed.)

AND, the following (tcpdump format, maybe? How do you read it? Ethereal doesn't know what to do with the file.):

--snort.alert.(some numeric string)

AND one file that apparently is in tcpdump format that Ethereal can read:
--tcpdump.log.(some numeric string)

I don't have many rules even turned on at this point and because I can't read the logs I don't know what else needs to be "tweaked" in Snort. Any assistance would be GREATLY appreciated.

Thanks,

Michael Martin
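The "is this tcpdump format?" question in the thread can be settled by looking at the file's first four bytes rather than guessing from the name. The following is an added example, not code from this thread or from Snort: a small Python reader that classifies a Snort output file as plain text or libpcap (the tcpdump file format) and, for pcap, walks the records and refuses truncated ones. The sample bytes are constructed for the example and are not a real capture.

```python
import struct

# libpcap magic values as read little-endian: classic and nanosecond variants,
# mapped to (struct byte-order prefix for the rest of the file, nanosecond flag).
PCAP_MAGICS = {0xA1B2C3D4: ("<", False), 0xD4C3B2A1: (">", False),
               0xA1B23C4D: ("<", True),  0x4D3CB2A1: (">", True)}

# Constructed sample input: a minimal little-endian libpcap file (link type 1 =
# Ethernet) holding two tiny records; not a real Snort capture.
PCAP_LE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + struct.pack("<IIII", 1066046400, 123456, 4, 4) + b"\xde\xad\xbe\xef"
    + struct.pack("<IIII", 1066046401, 0, 2, 6) + b"\xca\xfe"
)

def sniff_log(data):
    """Classify a file by its leading bytes: 'pcap', 'pcapng', 'text' or 'binary'."""
    if len(data) >= 4:
        magic = struct.unpack("<I", data[:4])[0]
        if magic in PCAP_MAGICS:
            return "pcap"
        if data[:4] == b"\x0a\x0d\x0d\x0a":   # pcapng section header block
            return "pcapng"
    head = data[:512]
    if head and all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return "text"
    return "binary"

def parse_pcap(data):
    """Parse a libpcap file into (link_type, records). Each record carries the
    timestamp in seconds, captured length, wire length and payload bytes.
    Raises ValueError on a bad magic, a truncated record or trailing garbage."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGICS:
        raise ValueError(f"not a pcap file (magic {magic:#010x})")
    endian, nanos = PCAP_MAGICS[magic]
    _, _, _, _, _, snaplen, link_type = struct.unpack(endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, caplen, wirelen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError(f"truncated or corrupt record at offset {off - 16}")
        records.append({"ts": ts_sec + ts_frac / (1e9 if nanos else 1e6),
                        "caplen": caplen, "len": wirelen, "data": data[off:off + caplen]})
        off += caplen
    if off != len(data):
        raise ValueError("trailing bytes after last record")
    return link_type, records
```

A file that comes back as "text" is one of the plain alert or scan logs and is read with any editor; one that comes back as "pcap" is the capture Ethereal opens.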



This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Mon Oct 13 12:49:43 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:36 EDT

