Patrick Harper <mailto:patrick@internetsecurityguru.com>
on Wednesday, August 24, 2005 2:52 PM said:
What are you expecting to do with the data and what are you going got
use to analyze it? just wanted to make sure you have thought about
it.
My intent is to get a better idea of what kind of traffic is traversing
my network. I don't know what kind of attacks I'm on the look out for
but I was hoping Snort would let me know (using the rule files). Of
course I expect to learn more as I go along.
If you want to log binary then throw the right switch's, use the
init script to crank it up on boot.
Where is the init script and what is it? I did 'locate init|grep snort'
but didn't get anything back.
I would suggest trying mysql and
base to get used to it, Sguil if you want more in depth analysis of
your packets. But you need a little more configuration.
At the suggestion of another user (off list) I am trying to get it to
work with MySQL and ACID (so far so good but I'm not quite done yet).
There are
guides on snort.org for most OS's and config types, they will help
you with what files go where
I'm going through the ACID and MySQL setup doc right now.
, and the mailing list is probably the
best place to get faster answers.
Good. :)
Thanks,
Chris.
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
