[Snort-sigs] Snort Logs

Martin Jr., D. Michael martinm at ...1927...
Mon Oct 13 06:58:03 EDT 2003


As I have stated before, I am very new to snort and I am using it in a
Windows environment (maybe that is my problem) :-0

But I am having a devil of a time with these logs.  ANY HELP would be
appreciated.

I am not using MySQL (yet) for the keeping of the logs but I am having
trouble reading the Snort logs that are created.

Here is the type of logs I have:

--scan.log (text format.  Very cryptic and not really clear on what was
seen or alarmed.)

AND, the following (tcpdump format, maybe?  How do I read it?  Ethereal
doesn't know what to do with the file.):

--snort.alert.(some numeric string)
--snort.log.(some numeric string)
--snort.suspicious.(some numeric string)

AND one file that apparently is in tcpdump format that Ethereal can
read:
--tcpdump.log.(some numeric string)

I don't have many rules even turned on at this point and because I can't
read the logs I don't know what else needs to be "tweaked" in Snort.
Any assistance would be GREATLY appreciated.

Thanks,

Michael Martin
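The file list above mixes plain-text logs (scan.log) with files in "tcpdump format", i.e. libpcap. The following is an added example, not code from the original thread, from Snort or from libpcap: it tells the two kinds apart by the libpcap magic number at offset 0, walks the 24-byte global header and the 16-byte per-record headers of a libpcap file, bounds-checks every record length so a corrupt file fails loudly instead of silently desynchronising, and prints a tcpdump-style one-liner for Ethernet/IPv4 frames. The sample capture (a single TCP SYN) is constructed inline; the 1514-byte snaplen, the addresses and the file names in the usage line are assumptions.

```python
"""Minimal reader for libpcap ("tcpdump format") files such as Snort's binary
packet logs.  Added example; not Snort's or libpcap's own code."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# First four bytes of the file -> (struct byte-order prefix, timestamp fraction divisor)
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # 0xa1b2c3d4 little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # 0xa1b2c3d4 big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # 0xa1b23c4d little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # 0xa1b23c4d big-endian, nanoseconds
}
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    timestamp: float
    captured_len: int
    original_len: int
    data: bytes


def classify(blob: bytes) -> str:
    """'pcap' if the file starts with a libpcap magic number, 'text' if it is
    plain ASCII (e.g. a Snort text alert log), otherwise 'unknown'."""
    if blob[:4] in _MAGICS:
        return "pcap"
    return "text" if blob.isascii() else "unknown"


def parse_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Return (linktype, packets); raise ValueError on a malformed file."""
    order, divisor = _MAGICS.get(blob[:4], (None, None))
    if order is None or len(blob) < 24:
        raise ValueError("not a libpcap file: header %r" % blob[:4])
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "IHHiIII", blob[:24])
    packets, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl, orig = struct.unpack(order + "IIII", blob[off:off + 16])
        off += 16
        # Check the length before slicing: a bad value would otherwise desync every later record
        if incl > snaplen or off + incl > len(blob):
            raise ValueError("bad record length %d at offset %d" % (incl, off - 16))
        packets.append(Packet(ts_sec + ts_frac / divisor, incl, orig, blob[off:off + incl]))
        off += incl
    return linktype, packets


def summarize(pkt: Packet, linktype: int) -> str:
    """tcpdump-style one-liner for Ethernet/IPv4; anything else is reported generically."""
    d = pkt.data
    if linktype != LINKTYPE_ETHERNET or len(d) < 14:
        return "linktype %d, %d bytes" % (linktype, pkt.captured_len)
    ethertype = struct.unpack("!H", d[12:14])[0]
    if ethertype != 0x0800 or len(d) < 34:
        return "ethertype 0x%04x, %d bytes" % (ethertype, pkt.captured_len)
    ihl = (d[14] & 0x0F) * 4              # IPv4 header length in bytes
    proto = d[23]
    src = ".".join(str(b) for b in d[26:30])
    dst = ".".join(str(b) for b in d[30:34])
    l4 = d[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        name, flags = ("TCP" if proto == 6 else "UDP"), ""
        if proto == 6 and len(l4) >= 14:   # TCP flags byte is at offset 13 of the TCP header
            f = l4[13]
            flags = " [" + "".join(n for bit, n in ((0x02, "S"), (0x10, "A"), (0x01, "F"), (0x04, "R")) if f & bit) + "]"
        return "%s %s:%d > %s:%d%s" % (name, src, sport, dst, dport, flags)
    return "IP proto %d %s > %s" % (proto, src, dst)


def build_pcap(frames, order: str = "<") -> bytes:
    """Write a libpcap file; used here only to build the constructed sample."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        out += struct.pack(order + "IIII", int(ts), int((ts % 1) * 1_000_000), len(frame), len(frame)) + frame
    return out


def sample_syn_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN 192.0.2.1:40123 -> 192.0.2.2:80 (checksums left zero)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40123, 80, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp


SAMPLE_PCAP = build_pcap([(1065948600.5, sample_syn_frame())])  # constructed input

if __name__ == "__main__":
    import sys
    # Usage: python pcapread.py snort.log.1065948600   (file name is an assumption)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    print("format:", classify(blob))
    if classify(blob) == "pcap":
        lt, pkts = parse_pcap(blob)
        for p in pkts:
            print("%.6f %s (%d/%d bytes)" % (p.timestamp, summarize(p, lt), p.captured_len, p.original_len))
```

Run it against one of the numeric-suffixed files: if `classify` says `pcap`, the per-packet lines are what Ethereal would show, and a `ValueError` points at the exact offset where the file stops being well-formed; if it says `text`, the file is a text alert log and any text viewer will do.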