
[Snort-users] Re: Snort-users digest, Vol 1 #5395 - 2 msgs

Subject: [Snort-users] Re: Snort-users digest, Vol 1 #5395 - 2 msgs
Date: Thu, 24 Nov 2005 13:29:45 +0530
Dear all,

I am using Snort 2.4.3 and alerts are logged in
/var/log/snort/alert. I commented this line in snort.conf

#output alert_syslog: LOG_AUTH LOG_ALERT

Using swatch I am trying to generate the real time alerts but I am not able
to get the complete alert in the mail.

It is just searching for the keyword and sending me a mail of that line only.

ICMP TTL:32 TOS:0x0 ID:51019 IpLen:20 DgmLen:60.

I uncommented the line in snort.conf

output alert_syslog: LOG_AUTH LOG_ALERT

All my snort alerts are logged to /var/log/messages.

Then I am getting complete real time alerts.

nov 24 12:54:13 hcs-monitor snort[6495]: [1:466:5] ICMP L3retriever Ping
[Classification: Attempted Information Leak] [Priority: 2]: {ICMP}
172.16.131.227 -> 172.20.1.4

Can anyone please let me know if I can use snort to log alerts in both
the files

/var/log/messages and /var/log/snort/alert.

I am unable to generate the historic reports like one month report using the
/var/log/messages file.

It is giving me the error

No correct logs found

Can anyone help me in this regard?
  • [Snort-users] Re: Snort-users digest, Vol 1 #5395 - 2 msgs, sarma nmrk <=
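
The message above describes a line-based keyword match on the multi-line alert file returning only the matching line. The following is an added example, not part of the original message: it groups the file into blank-line-separated records first, so a keyword match returns the whole alert. The sample records are constructed in the layout of Snort's full alert output, the first reusing the values quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Snort 2.x full alerts. The first record
# reuses values from the message; the second (local-rule sid) is invented.
SAMPLE = """\
[**] [1:466:5] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/24-12:54:13.000000 172.16.131.227 -> 172.20.1.4
ICMP TTL:32 TOS:0x0 ID:51019 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:256  ECHO

[**] [1:1000001:1] CONSTRUCTED local rule [**]
[Priority: 0]
11/24-12:55:02.000000 172.16.131.230:40000 -> 172.20.1.9:22
TCP TTL:64 TOS:0x0 ID:1204 IpLen:20 DgmLen:52 DF
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
IP = r"(\d+\.\d+\.\d+\.\d+)(?::\d+)?"  # address, optional port not captured
ADDRS = re.compile(IP + r" -> " + IP)

def records(text):
    """Yield each alert as a list of lines; blank lines end a record."""
    block = []
    for line in text.splitlines():
        if line.strip():
            block.append(line.rstrip())
        elif block:
            yield block
            block = []
    if block:  # the file may end without a trailing blank line
        yield block

def parse(block):
    """Turn one record into a dict, or None if it lacks an alert header."""
    head = HEADER.match(block[0])
    if head is None:
        return None
    gid, sid, rev, msg = head.groups()
    alert = {"gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg,
             "raw": "\n".join(block)}
    addrs = next(filter(None, map(ADDRS.search, block[1:])), None)
    if addrs:
        alert["src"], alert["dst"] = addrs.groups()
    return alert

def matching(text, keyword):
    """Return whole alerts in which any line contains the keyword."""
    return [a for a in map(parse, records(text)) if a and keyword in a["raw"]]
```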