Snort mailing list archives

Re: Snort-sigs Digest, Vol 76, Issue 14


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 11 Sep 2012 15:29:42 -0400

On Sep 11, 2012, at 1:24 PM, PR <oly562 () gmail com> wrote:

When I ran a script, a simple bash script with 2 lines just like I type them into
the cmdline, it said ipvar 192.168.1.0/24 can't be something... I have
since just run the cmds one at a time, and I don't see that anymore, but
it said failed or errored... something like that. Sorry I missed it...
maybe it's in the logs? I can't read the logs as they are in unified
format. I guess... lol....

ls /var/log/snort/
alert                 snort.log.1347321601  snort.log.1347374349
snort.log.1347320873  snort.log.1347325626  snort.log.1347382370
snort.log.1347321584  snort.log.1347346937  snort.log.1347382486
snort.log.1347321592  snort.log.1347347097  snort.log.1347383400

This is what I mean, I can't less them:

less /var/log/snort/snort.log.1347320873
"/var/log/snort/snort.log.1347320873" may be a binary file.  See it anyway?

Your thoughts?

Those files, while named snort.log.unixtimestamp, are not log files per se... 
they are, IME, pcap files... the default name of "snort.log" really should be 
changed in the default config file distributed by VRT and Snort so that it more 
properly indicates what those files are... I danced all around them for a long 
long while until Joel had me send one on to him and he was able to determine that it 
was a pcap file...

Look in your snort.conf file for snort.log and let's see what area it is defined 
in; then we can be more sure if they are pcaps or something else...

So with that said, you use Wireshark or similar pcap tools to read them IF they 
are pcap files ;)
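The reply above suggests confirming what the snort.log.<timestamp> files actually are before opening them. Besides checking snort.conf, the file header settles it: pcap and pcapng files start with a well-known magic number, while Snort's unified2 output has no magic and instead begins directly with a record header (a big-endian 4-byte record type followed by a 4-byte record length). The script below is an added example, not code from the original post or from the Snort project; it reads the first bytes of a file and reports which format it looks like. The pcap magic values and the unified2 record-type numbers are standard constants; the sample inputs at the bottom are constructed inline so the script runs offline, and the unified2 check is a heuristic since that format carries no signature.

```python
import os
import struct
import tempfile

# First four bytes of pcap/pcapng files (standard magic numbers).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond timestamps)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond timestamps)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond timestamps)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond timestamps)",
    b"\x0a\x0d\x0d\x0a": "pcapng",
}

# Unified2 has no file magic. Every record starts with a big-endian
# 4-byte type and 4-byte length; these are the commonly seen types.
UNIFIED2_TYPES = {
    2: "UNIFIED2_PACKET",
    7: "UNIFIED2_IDS_EVENT",
    72: "UNIFIED2_IDS_EVENT_IPV6",
    104: "UNIFIED2_IDS_EVENT_V2",
    105: "UNIFIED2_IDS_EVENT_IPV6_V2",
    110: "UNIFIED2_EXTRA_DATA",
}

# A unified2 record never needs to be larger than a packet record plus
# its fixed header; anything above this is treated as "not unified2".
MAX_UNIFIED2_RECORD = 65535 + 64


def classify_capture_bytes(head: bytes) -> str:
    """Describe what the leading bytes of a Snort output file look like.

    Returns a pcap/pcapng description on a magic-number match, a
    heuristic unified2 description when the first 8 bytes parse as a
    plausible record header, and "unknown" otherwise.
    """
    if len(head) < 8:
        return "unknown (file too short)"
    desc = PCAP_MAGICS.get(head[:4])
    if desc:
        return desc
    rec_type, rec_len = struct.unpack("!II", head[:8])
    if rec_type in UNIFIED2_TYPES and 0 < rec_len <= MAX_UNIFIED2_RECORD:
        return f"unified2 (first record {UNIFIED2_TYPES[rec_type]}, {rec_len} bytes)"
    return "unknown"


def classify_file(path: str) -> str:
    """Read only the header of the file on disk and classify it."""
    with open(path, "rb") as fh:
        return classify_capture_bytes(fh.read(24))


# Constructed samples (not real Snort output):
# a pcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# a unified2 stream whose first record is an IDS event of 52 bytes (body zeroed)
SAMPLE_UNIFIED2 = struct.pack("!II", 7, 52) + b"\x00" * 52
# plain text, as an alert file might look
SAMPLE_TEXT = b"[**] [1:1000001:1] test alert [**]\n"


def main() -> None:
    # Write the samples to temporary files so classify_file is exercised
    # the way it would be against /var/log/snort/snort.log.<timestamp>.
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("snort.log.pcap", SAMPLE_PCAP),
                           ("snort.log.u2", SAMPLE_UNIFIED2),
                           ("alert", SAMPLE_TEXT)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            print(f"{name}: {classify_file(path)}")


if __name__ == "__main__":
    main()
```

Running it against a real directory is a one-line loop over `/var/log/snort/snort.log.*` calling `classify_file`; anything reported as pcap can then be opened with Wireshark or `tcpdump -r`, while unified2 output is the format Snort's `u2spewfoo` and Barnyard2 read. The `file(1)` utility also recognises pcap headers, so it is a quick cross-check.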
