Snort mailing list archives
Subject: Let's talk about ....
From: PR <oly562 () gmail com>
Date: Sat, 06 Oct 2012 19:42:14 -0700
Let's talk about: local.rules, snort.rules, alert, and snort.log.

I have one local.rule defined, the basic "hey, I'm getting pinged". I have successfully allowed pp.pl to update my snort.rules. When I hit my server from a remote OpenVAS server, all I get is an increase in the file size of alert and snort.log. Of course I cannot see the snort.logs yet; however, I only see alert showing pings. Now, openvasd/client hits it with over 10,000 separate checks, and I'm sure there are more than just pings being used. Now, Snort is supposed to log probes, pings, attacks, logins, and so on and so forth for sigs in the data packets in some place or another, but my point is, I'm only seeing ping alerts in alert, that's it, ICMP yadda. I'm not seeing anything worth actually logging to the MySQL server; not there yet either. I'm setting up BASE now, to somehow get data from snort.log or alert to the MySQL DB. That's the plan, just like it used to work :) However, right now, I'm pretty sure I would like to view something readable to the human eye.

1. Isn't barnyard2 supposed to allow you to view the sigs/data, or does it just say ICMP yadda?
2. Do I need to do anything with my snort.rules, like cat snort.rules >> local.rules?
3. How do I get data from barnyard2 to my DB to view in a pretty browser GUI like BASE or SnortReport, or JpGraph?

I'll read up on those. Now I know snort.log and alert are actually grabbing data, and barnyard2 states:

Opened spool file '/var/log/snort/snort.log.1349576556'
Waiting for new data

Suggestions for 1, 2, 3? I'll read a bit in the meantime: the Snort 2.9.3 manual and various other manuals for jpgraph/barnyard2/etc. Thanks guys.
Snort-users mailing list: Snort-users () lists sourceforge net
Change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
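The pipeline the post describes (Snort writes a unified2 spool such as snort.log.1349576556, barnyard2 tails that spool and pushes events to a MySQL database that BASE then reads) looks like the following as configuration. This is an added illustration, not configuration from the poster or from the Snort/barnyard2 projects; file paths, the database name/user and the example rule are assumptions, and the password is a placeholder to replace. The sid-msg.map and classification files are what let barnyard2 label an event with the rule's message instead of only its protocol.

```conf
# --- /etc/snort/snort.conf (excerpt; paths are assumed) ---
# Write events in unified2 format; barnyard2 picks these up from the spool dir.
output unified2: filename snort.log, limit 128

# Keep local.rules separate from the managed snort.rules; both are loaded
# via include, so there is no need to concatenate one into the other.
include $RULE_PATH/snort.rules
include $RULE_PATH/local.rules

# --- /etc/snort/rules/local.rules (example rule, constructed here) ---
# Local SIDs start at 1000000 so they never collide with VRT/ET rule SIDs.
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request to sensor"; itype:8; sid:1000001; rev:1;)

# --- /etc/snort/barnyard2.conf (excerpt; paths are assumed) ---
# Maps generator/SID/classification IDs to human-readable names in output.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

config hostname:  sensor1
config interface: eth0
# Bookmark so barnyard2 resumes where it left off instead of re-inserting events.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# Human-readable one-line alerts on the console for a quick sanity check.
output alert_fast
# Events into the schema that BASE / SnortReport query.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# --- starting barnyard2 against the spool (shell, shown as a comment) ---
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo
```

With output alert_fast enabled alongside the database output, a hit on the local rule above shows up on the console with its msg text, which is a quick way to confirm that rules beyond ICMP are firing before debugging the web front end.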
Current thread:
- Lets talk about .... PR (Oct 06)
- Re: Lets talk about .... Peter Bates (Oct 07)
- Re: Lets talk about .... AllowOverride (Oct 07)
- Re: Lets talk about .... AllowOverride (Oct 07)
- Re: Lets talk about .... Peter Bates (Oct 07)
- Re: Lets talk about .... AllowOverride (Oct 08)
- Re: Lets talk about .... Peter Bates (Oct 08)
- Re: Lets talk about .... AllowOverride (Oct 08)
- Re: Lets talk about .... Peter Bates (Oct 09)
- Re: Lets talk about .... AllowOverride (Oct 09)
- Re: Lets talk about .... Jeremy Hoel (Oct 09)
- Re: Lets talk about .... Peter Bates (Oct 07)