Snort mailing list archives
logging both TCPdump dump and fast format.
From: Anthony Geoffron <anthonyg () passinglane com>
Date: Mon, 6 Aug 2001 10:23:08 -0700
Since guardian does not work with the -d (unless I'm wrong here), is there any way to log both with -d and without -d?

Anthony.

-----Original Message-----
From: Jyri Hovila [mailto:jyri.hovila () iki fi]
Sent: Sunday, August 05, 2001 5:03 PM
To: 'Advanced Hosting UNIX Admin Daniel Fairchild'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] anyone have any trouble getting guardian to work

Howdy!

It can be a bit tricky to get Guardian to work, as the documentation is not too good.

First of all, make sure that the logfile Guardian is reading is written in Snort's 'fast' format. Guardian can only read the 'fast' logfile; it does not cope with full or tcpdump format log files.

If this is not the problem in your case, then please send me your Guardian and Snort configuration files (guardian.conf and snort.conf, don't need the *.rules files) and I'll try to figure out what's wrong.

Yours,
Jyri
Information Security Specialist
Tel: +358-41-448 3238
E-mail: jyri.hovila () iki fi
Certifications: http://www.brainbench.com/transcript.jsp?pid=2301241

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Advanced Hosting UNIX Admin Daniel Fairchild
Sent: 6 August 2001 1:53
To: snort-users () lists sourceforge net
Subject: [Snort-users] anyone have any trouble getting guardian to work

I am trying to use guardian to add entries to my iptables and I am getting nothing. I put guardian in debug mode and it reads from the alert file but does nothing. TIA for anyone's help with this one.

--
Advanced Hosting UNIX Admin | Daniel Fairchild
danielf () supportteam net
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
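As an added illustration of Jyri's point above (not code from this thread, from Snort or from Guardian): a minimal Python reader for Snort's 'fast' alert format, fed constructed sample lines in both the fast and the full layout. It is assumed here that a Guardian-style reader only acts on lines it can parse, which is why a full-format alert file is "read" but produces nothing.

```python
import re
from typing import Optional

# One Snort 'fast' alert line (layout constructed from alert_fast output;
# the Classification and Priority fields are optional).
FAST_LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_line(line: str) -> Optional[dict]:
    """Fields of one fast-format alert line, or None when the line is not
    in that format (for instance any line of a full-format record)."""
    m = FAST_LINE.match(line.rstrip("\n"))
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"]) if d["prio"] else None
    return d

def offending_sources(log_text: str, ignore=frozenset()) -> list:
    """Source addresses a Guardian-style reader would act on, in first-seen
    order, skipping addresses in the local ignore set (your own hosts) and
    skipping every line that does not parse as fast format."""
    seen = []
    for line in log_text.splitlines():
        a = parse_fast_line(line)
        if a and a["src"] not in ignore and a["src"] not in seen:
            seen.append(a["src"])
    return seen

# Constructed sample: two fast-format alerts (the format Guardian reads).
FAST_SAMPLE = """\
08/06-10:23:08.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
08/06-10:23:09.654321  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.77:4321 -> 198.51.100.5:80
"""

# Constructed sample: the first alert again as a full-format record. No line
# of it matches, so a fast-only reader sees alerts arrive but does nothing.
FULL_SAMPLE = """\
[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
08/06-10:23:08.123456 192.0.2.10 -> 198.51.100.5
ICMP TTL:52 TOS:0x0 ID:46420 IpLen:20 DgmLen:28
Type:8  Code:0  ID:0   Seq:0  ECHO
"""
```

Running `offending_sources` over FAST_SAMPLE yields both source addresses; over FULL_SAMPLE it yields an empty list, matching the "reads the alert file but does nothing" symptom.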
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users