Snort mailing list archives
Re: snort + aris
From: Ron 'The InSaNe One' Rosson <insane () lunatic oneinsane net>
Date: Tue, 15 May 2001 07:52:43 -0700
So there is no command line or config file for snort that will allow it to keep logging to a database while creating an alert file for aris's extractor to use. It's got to be something simple that we are missing.

TIA

Robert D. Hughes (rob () robhughes com) wrote:

Maybe so. I don't know. You'll have to log to the alert file if you want to use ARIS though.

-----Original Message-----
From: Ron Rosson [mailto:insane () lunatic oneinsane net]
Sent: Sunday, May 13, 2001 11:40 AM
To: Robert D. Hughes
Cc: Ryan Russell; snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort + aris

Robert D. Hughes (rob () robhughes com) wrote:

Check the ARIS and extractor (sfclean is now extractor) docs. They'll give you the command line for both snort and extractor. Mine is

    /usr/local/bin/snort -A full -c /usr/local/etc/snort.conf -dDeX -i xl0 -u nobody

It works at least. Last time I checked, -A full and -d are the only required ones.

-----Original Message-----
From: Ron 'The InSaNe One' Rosson [mailto:insane () lunatic oneinsane net]
Sent: Saturday, May 12, 2001 5:10 PM
To: Ryan Russell
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort + aris

Ryan Russell (ryan () securityfocus com) wrote:

Was the question regarding how to get Snort running, or how to get it to feed to ARIS?

Ryan

On Fri, 11 May 2001, Ron 'The InSaNe One' Rosson wrote:

I am getting ready to reset up aris on my network but I am confused on what my command line should be. Here is my basic setup:

IDS system logging to a remote Database

Command line for snort is:

    /usr/local/bin/snort -D -d -c /etc/snort.rules

Here is the output part of my snort.rules file:

    output database: alert, mysql, user=nobody dbname=snort host=postal

I am looking for the proper command line to run with SNORT.

TIA

If I read the man page right that overrides the database logging.
--
------------------------------------------------------------------------------
Ron Rosson                  ... and a UNIX user said ...
The InSaNe One                        rm -rf *
insane () oneinsane net       and all was /dev/null and *void()
------------------------------------------------------------------------------
Adults are just kids that owe money

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort + aris Ron 'The InSaNe One' Rosson (May 11)
- Re: snort + aris Ryan Russell (May 11)
- Re: snort + aris Ron 'The InSaNe One' Rosson (May 12)
- RE: snort + aris Aaron McKinnon (May 11)
- <Possible follow-ups>
- RE: snort + aris Robert D. Hughes (May 12)
- Re: snort + aris Ron Rosson (May 13)
- Re: snort + aris Ron 'The InSaNe One' Rosson (May 15)
- Re: snort + aris Andreas Hasenack (May 15)
- Re: snort + aris Ryan Russell (May 11)