Snort mailing list archives
Re: @snort log
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 06 Jul 2013 09:36:15 -0400
On 7/6/2013 07:52, anagha b wrote:
> Hi all,
> Got snort running, but every time I start snort I have to set the library path for libdnet.1.
> I am getting files in snort.u2.1373105384 format in /var/log/snort. How to read these files?
U2 files are a combination log format... you must use a tool like barnyard to break them apart and place them into a database... then you use tools to read the database for correlation of the events...
> I searched on the net but am not getting it. I want to see the snort log; should I go for snorby for viewing it? Please provide a link to use a GUI with snort.
[pedantic] you are not looking for a GUI strictly for snort. that implies a GUI that only controls snort, snort's configs and possibly the rules files...[/pedantic]

it sounds like you are instead looking for a GUI to interface to the alert database... snorby is one of numerous such tools... you might want to look at security onion which contains several GUI interfaces so you can choose which one(s) you want or need to use... each has its good points and bad points... some are hard to configure but offer a huge range of capabilities while others are easy to configure but offer a limited set of abilities...

http://securityonion.blogspot.com/

NOTE: i have not looked at security onion and do not use it at this time...

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
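For a quick look inside a U2 file without a database, the sketch below walks the records and decodes the alert events. It is an added example, not part of the original post or of Snort or barnyard; it assumes the Unified2 layout of an 8-byte big-endian record header (type, length) followed by a 52-byte legacy IPv4 event for record type 7, and the sample bytes are constructed.

```python
import socket
import struct
from datetime import datetime, timezone

# Assumed Unified2 record types: 2 = packet, 7 = legacy IPv4 IDS event.
U2_PACKET, U2_IDS_EVENT = 2, 7
HEADER = struct.Struct(">II")               # record type, payload length
IDS_EVENT = struct.Struct(">9I4s4sHHBBBB")  # 52-byte legacy IPv4 event

def iter_records(data):
    """Yield (type, payload) for each complete record; stop at a truncated tail."""
    off = 0
    while off + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, off)
        off += HEADER.size
        if off + length > len(data):        # Snort may still be writing this record
            break
        yield rtype, data[off:off + length]
        off += length

def decode_event(payload):
    """Decode a type-7 event into a dict; return None if the payload is too short."""
    if len(payload) < IDS_EVENT.size:
        return None
    (_sensor, event_id, sec, _usec, sid, gid, rev, _cls, prio,
     src, dst, sport, dport, proto, _if, _imp, _blk) = IDS_EVENT.unpack_from(payload)
    return {
        "time": datetime.fromtimestamp(sec, timezone.utc).isoformat(),
        "event_id": event_id, "gid": gid, "sid": sid, "rev": rev, "priority": prio,
        "src": f"{socket.inet_ntoa(src)}:{sport}",
        "dst": f"{socket.inet_ntoa(dst)}:{dport}", "proto": proto,
    }

def read_events(data):
    return [e for t, p in iter_records(data) if t == U2_IDS_EVENT and (e := decode_event(p))]

def build_sample():
    """Constructed sample: one event, one packet record, one truncated trailing record."""
    ev = IDS_EVENT.pack(0, 1, 1373105384, 0, 1000001, 1, 2, 0, 3,
                        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"),
                        51234, 80, 6, 0, 0, 0)
    pkt = b"\x00" * 28
    return (HEADER.pack(U2_IDS_EVENT, len(ev)) + ev +
            HEADER.pack(U2_PACKET, len(pkt)) + pkt +
            HEADER.pack(U2_IDS_EVENT, 52) + b"\x00" * 10)

if __name__ == "__main__":
    for event in read_events(build_sample()):
        print(event)
```

To run it on a real file, pass `open(path, "rb").read()` to `read_events`; record types other than 7 are skipped rather than decoded.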