Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: reading snort logs

From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 21 Apr 2013 09:28:48 -0600
Snort MiniFAQ

Snort is an IDS/IPS that can listen on live interfaces and read pcaps (run with -r).  If you're running anything 
besides the latest snort (http://www.snort.org/snort-downloads) then stop reading and install that FIRST.  The internet 
is chock full of outdated how-to's with snort.  If you've used one to install snort, then be prepared to make some 
changes. 

Snort can (add to your snort.conf) output to human readable text (output alert_fast:), unified2 filetype (output 
unified2:), syslog (output alert_syslog:), and pcap file format (output log_tcpdump:).

If you're wanting database support, then barnyard2 is the application you'll want to read the unified2 files that will 
get put into your database.  If you want to listen to multiple interfaces and have multiple sources of data, then 
your'e going to have to have multiple instances of snort and barnyard2 running.  In a nutshell you'll want for example 
a snort1.conf, snort2.conf, and snort3, conf as well as a barnyard1.conf, barnyard2.conf, and barnyard2.conf.  You can 
have the unified2 files be differently named, or read from different directories.


On Apr 21, 2013, at 8:16 AM, "MCLEOD, DONNIE" <DMCLEO11 () caledonian ac uk> wrote:


Hi, can anyone tell me how to open and read snort logs?
I'am a newbe to snort,thanks 

Don
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: