Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] More questions on Snort/barnyard

from [sudhakar govindavajhala] Network Security [Permanent Link]
Subject: Re: [Snort-users] More questions on Snort/barnyard
Date: Thu, 31 Jan 2008 13:01:41 -0500 
Thanks Paul.






2) Why do I get this error?  How can I shut this off?  Is this warning a
problem?
WARNING: Unable to extract timestamp file extension from 'snort.log'



Shut what off?


Sudhakar: Why I get this warning? "WARNING: Unable to extract timestamp file
extension from 'snort.log'"

What can I do to turn off this warning?


--Sudhakar




3) What is a good size to set for files below?

# Two arguments are supported.
#    filename - base filename to write to (current time_t is appended)
#    limit    - maximum size of spool file in MB (default: 128)
#
 output alert_unified: filename snort.alert, limit 128
 output log_unified: filename snort.log, limit 128

What happens when the file size (128) is reached? Does Snort die or

restart?




The defaults are fine.  When they're reached, snort simply starts a new
logfile.



4) I briefly looked at implementation of barnyard. I may be wrong here.

How

does barnyard poll the directory? Is it busy-looping?



It watches for new entries in the log.


5) What is the difference between alert and log?  I am thinking alert is

the

human readable version.  What is the difference between snort.log and
snort.log.timestamp?



You really need to learn how to do your own research.  Most of your
questions
have already been asked hundreds of times and answered.

<http://www.snort.org/docs/faq/3Q06/node73.html>

--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] ipv6 header scan using snort, Martin Roesch
Next by Date:  [Snort-users] [ANNOUNCE] WinPcap 4.1 beta3 has been released, Gianluca Varenni
Previous by Thread:  Re: [Snort-users] More questions on Snort/barnyard, Paul Schmehl
Next by Thread:  [Snort-users] Ask free software IDS anomaly, Mohamad firman
Indexes:  [Date] [Thread] [Top] [All Lists]