IDS mailing list archives
RE: Snort test logs available?
From: "Chris Petersen" <chris () security-conscious com>
Date: Sun, 27 Apr 2003 10:06:42 -0400
You can also find network data containing attacks at http://www.ll.mit.edu/IST/ideval/data/data_index.html. This was a project done by MIT/DARPA. There are weeks' worth of data from 98/99 generated in a "real-world" setting. These are also tcpdump files.

Whether you use these or the ones from SANS, you will want to run Snort in replay mode using the -r switch. This will run Snort against the TCPDump file and generate Snort alerts/logs.

    snort -c /etc/snort/snort.conf -r /data/mit_data/wk1day1_tcpdump

Good luck.

Chris Petersen
Security Conscious, Inc.
www.security-conscious.com

-----Original Message-----
From: Bill Royds [mailto:Bill () royds net]
Sent: Saturday, April 26, 2003 2:12 PM
To: Shwaine; focus-ids () securityfocus com
Subject: Re: Snort test logs available?

SANS has a repository of Snort logs for use in the GCIA intrusion detection certification at http://www.incidents.org/logs/Raw

These are tcpdump format files from a Snort installation. They only reflect packets that triggered the alerts.

----- Original Message -----
From: "Shwaine" <shwaine () shwaine com>
To: <focus-ids () securityfocus com>
Sent: Friday, April 25, 2003 5:28 AM
Subject: Snort test logs available?

: Hi all,
:
: I am currently involved in a research project as part of my thesis
: research that uses Snort log data. Right now, we are trying to make
: sure our tools work well on a wide variety of Snort logging formats
: and versions. To this end, I was wondering if there are any public
: repositories of Snort logs which we could use to test our tools.
:
: Melissa Danforth
: UC Davis Seclab
:
: ------------------------------------------------------------------------------
: INTRUSION PREVENTION: READY FOR PRIME TIME?
:
: IntruShield now offers unprecedented Intrusion Intelligence(TM) capabilities -
: including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.
:
: Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids
: ------------------------------------------------------------------------------
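
The replay step described above, extended to a whole directory of captures, as an added example that is not part of any message in this thread. It runs each capture once per alert mode into its own log directory, which yields logs in more than one format. The function names, environment variables and default paths are assumptions; -A and -l are Snort's alert-mode and log-directory options.

```shell
#!/bin/sh
# Added example, not from the thread: replay each tcpdump capture in a
# directory through Snort once per alert mode, so every run leaves its own
# log directory in a different output format.
# Assumed/hypothetical: the variable and function names, and the default paths.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
ALERT_MODES="${ALERT_MODES:-fast full}"  # modes passed to snort -A
DRY_RUN="${DRY_RUN:-0}"                  # 1 = print the commands only

# is_pcap FILE: succeed if FILE starts with the classic libpcap magic number
# (either byte order), so stray files are not handed to snort -r.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# replay_all CAPTURE_DIR OUT_ROOT: one Snort run per capture and alert mode,
# logging to OUT_ROOT/<capture name>/<mode>.
replay_all() {
    capture_dir=$1
    out_root=$2
    for pcap in "$capture_dir"/*; do
        [ -f "$pcap" ] || continue
        if ! is_pcap "$pcap"; then
            echo "skipping (not tcpdump format): $pcap" >&2
            continue
        fi
        for mode in $ALERT_MODES; do
            log_dir="$out_root/$(basename "$pcap")/$mode"
            if [ "$DRY_RUN" = 1 ]; then
                echo "snort -c $SNORT_CONF -r $pcap -A $mode -l $log_dir"
            else
                mkdir -p "$log_dir" || return 1
                snort -c "$SNORT_CONF" -r "$pcap" -A "$mode" -l "$log_dir" || return 1
            fi
        done
    done
}

# Run only when both directories are given on the command line.
if [ "$#" -ge 2 ]; then
    replay_all "$1" "$2"
fi
```

Setting DRY_RUN=1 prints the Snort command lines without running them, which is a quick way to check the capture list before a long replay.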