Snort mailing list archives
Re: Snort-sigs Digest, Vol 76, Issue 14
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 11 Sep 2012 15:29:42 -0400
On Sep 11, 2012, at 1:24 PM, PR<oly562 () gmail com> wrote:
when i ran a script, bash simple with 2 lines just like i type them into the cmdline, it said ipvar 192.168.1.0/24 cant be something... i have since just ran the cmds one at a time, and i dont see that anymore, but it said failed or errored... something like that. sorry i missed it... maybe its in the logs? i cant read the logs as they are in unified format. i guess... lol....

ls /var/log/snort/
alert                 snort.log.1347321601  snort.log.1347374349
snort.log.1347320873  snort.log.1347325626  snort.log.1347382370
snort.log.1347321584  snort.log.1347346937  snort.log.1347382486
snort.log.1347321592  snort.log.1347347097  snort.log.1347383400

this is what i mean, i can't less them:

less /var/log/snort/snort.log.1347320873
"/var/log/snort/snort.log.1347320873" may be a binary file.  See it anyway?

your thoughts?
those files, while named snort.log.unixtimestamp, are not log files per se... they are, IME, pcap files... the default name of "snort.log" really should be changed in the default config file distributed by VRT and snort so that it more properly indicates what those files are... i danced all around them for a long long while until joel had me send one to him and he was able to determine that it was a pcap file...

look in your snort.conf file for snort.log and let's see what area it is defined in, then we can be more sure if they are pcaps or something else... so with that said, you use wireshark or similar pcap tools to read them IF they are pcap files ;)

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
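As an added example (not from this thread and not Snort's own code), here is a small Python check that tells pcap, pcapng, unified2 and plain-text alert files apart by their first bytes, which is the same determination Joel made by hand on the file PR sent. The libpcap and pcapng magic numbers are the documented ones; the unified2 record-type values are an assumption taken from Snort's unified2 documentation as I remember it, and only a well-known subset is listed. The sample byte strings at the bottom are constructed for the demonstration, not real Snort output.

```python
"""Identify what a snort.log.<timestamp> file actually is from its leading bytes."""
import struct
import sys

# libpcap global-header magic numbers as they appear on disk (first 4 bytes).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond timestamps)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond timestamps)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond timestamps)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond timestamps)",
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # Section Header Block type that opens a pcapng file

# unified2 record types that commonly start a unified2 file.
# Assumption: values as given in Snort's unified2 documentation; a file whose
# first record is a rarer type will fall through to "unknown binary".
UNIFIED2_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}


def classify(head: bytes) -> str:
    """Return a human-readable guess at the file format from its first bytes."""
    if len(head) < 8:
        return "too short to classify"
    fmt = PCAP_MAGICS.get(head[:4])
    if fmt:
        return fmt
    if head[:4] == PCAPNG_MAGIC:
        return "pcapng"
    # unified2 records start with a 4-byte type and 4-byte length, network byte order.
    rec_type, rec_len = struct.unpack("!II", head[:8])
    if rec_type in UNIFIED2_TYPES and 0 < rec_len <= 65535:
        return f"unified2 (first record {UNIFIED2_TYPES[rec_type]}, {rec_len} bytes)"
    # A plain-text alert file is readable ASCII, so `less` would show it directly.
    if all(32 <= b < 127 or b in b"\t\r\n" for b in head):
        return "text"
    return "unknown binary"


def classify_file(path: str) -> str:
    """Classify a file on disk by reading only its first 24 bytes."""
    with open(path, "rb") as fh:
        return classify(fh.read(24))


# Constructed samples (not real Snort output): a pcap global header
# (version 2.4, snaplen 65535, linktype 1 = Ethernet), the start of a
# unified2 IDS_EVENT record, and the first line of a text alert file.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_UNIFIED2 = struct.pack("!II", 7, 52) + b"\x00" * 52
SAMPLE_ALERT = b"[**] [1:1000001:1] constructed alert [**]\n"

if __name__ == "__main__":
    if len(sys.argv) == 1:
        # No paths given: show the classification of the constructed samples.
        for name, blob in [("pcap", SAMPLE_PCAP), ("unified2", SAMPLE_UNIFIED2), ("alert", SAMPLE_ALERT)]:
            print(f"{name}: {classify(blob)}")
    for path in sys.argv[1:]:
        print(f"{path}: {classify_file(path)}")
```

Run it as `python3 snortlog_kind.py /var/log/snort/snort.log.*` to label each file; anything reported as pcap can then be opened in wireshark or `tcpdump -r`, while a unified2 file needs a unified2 reader such as barnyard2 rather than a pcap tool.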
Current thread:
- Re: Snort-sigs Digest, Vol 76, Issue 14 Joel Esler (Sep 11)
- Re: Snort-sigs Digest, Vol 76, Issue 14 PR (Sep 11)
- Re: Snort-sigs Digest, Vol 76, Issue 14 waldo kitty (Sep 11)