Snort mailing list archives
RE: Snort Logs
From: "grant" <grant () macaulayconsultants co uk>
Date: Fri, 17 Oct 2003 08:47:59 +0100
Set up snortsnarf 021111.1 with ActivePerl build 635. Remove any output plugins from snort.conf and use the default alert.ids. Scan.log is from the portscan preprocessors; this also puts an entry in alert.ids, so just go with this for starters. You do not need to run a web site to read the HTML reports.

Snortsnarf changes a 25 Mbyte log into a 200 Mbyte report. It also likes to have enough memory. Once you have tuned rules, alert.ids is not very big at all.

Grant

-----Original Message-----
From: snort-users-admin () lists sourceforge net on behalf of Martin Jr., D. Michael
Sent: Tue 14/10/2003 14:42
To: snort-users () lists sourceforge net
Cc:
Subject: [Snort-users] Snort Logs