Snort mailing list archives
Re: Snorby and Snort
From: JJC <cummingsj () gmail com>
Date: Thu, 11 Nov 2010 09:05:58 -0700
The hostname option is in the BY2 config also, IIRC On Thu, Nov 11, 2010 at 9:00 AM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:
Thank you. This has been done. I am not seeing a Hostname called unknown:eth1. It now has 844 events and was plugged in less than 20 minutes ago so I believe something is working. Is there a way to name that unknown:eth1 hostname to something meaningful without putting an ip address on it? Also, I am very knew at this so this is quite an accomplishment for the whole team. I appreciate everyone's help. Thank you. Dwane -----Original Message----- From: JJC [mailto:cummingsj () gmail com] Sent: Thursday, November 11, 2010 9:24 AM To: Joel Esler Cc: Atkins, Dwane P; snort-users () lists sourceforge net Subject: Re: [Snort-users] Snorby and Snort Further, you can specify what interface that barnyard is populating the database with, read through the config file (this assumes that you have the correct value for -i when you start snort). JJC On Wed, Nov 10, 2010 at 1:56 PM, Joel Esler <jesler () sourcefire com> wrote:Snort will need the correct interface passed to it on the command line with the -i tag. Sent from my iPhone On Nov 10, 2010, at 3:50 PM, "Atkins, Dwane P" <ATKINSD () uthscsa edu> wrote: This may be a stupid question now, but I decided to try the Snort/Snorby setup and my only issue at this point is it appears that, on the GUI, it only sees events on our management port instead of the other NIC which is in promiscuous mode. Are there any modifications I can make to make this a smoother setup? Thank you Dwane ------------------------------------------------------------------------------ The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snorby and Snort Atkins, Dwane P (Nov 10)
- Re: Snorby and Snort Joel Esler (Nov 10)
- Re: Snorby and Snort JJC (Nov 11)
- Re: Snorby and Snort Atkins, Dwane P (Nov 11)
- Re: Snorby and Snort JJC (Nov 11)
- Re: Snorby and Snort JJC (Nov 11)
- Re: Snorby and Snort Joel Esler (Nov 10)