[Snort-sigs] Snort Logs
Martin Jr., D. Michael
martinm at ...1927...
Mon Oct 13 09:04:06 EDT 2003
I have tried the switch as you have indicated with the -x. I still get
the logs in that unreadable format.
From: Robert Wagner [mailto:rwagner at ...447...]
Sent: Monday, October 13, 2003 9:16 AM
To: Martin Jr., D. Michael
Subject: RE: [Snort-sigs] Snort Logs
Try using Snort with the -X option:
-X Dump the raw packet data starting at the link layer.
switch overrides the
Set the output logging directory to log-dir. All
alerts and packet logs go into this directory. If this
is not specified, the default logging directory is
From: Martin Jr., D. Michael [mailto:martinm at ...1927...]
Sent: Monday, October 13, 2003 8:57 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Snort Logs
As I have stated before, I am very new to snort and I am using it in a
Windows environment (maybe that is my problem) :-0
But I am having a devil of a time with these logs. ANY HELP would be
I am not using MySQL (yet) for the keeping of the logs but I am having
trouble reading the Snort logs that are created.
Here is the type of logs I have:
--scan.log (text format. Very cryptic and not really clear on what was
seen or alarmed.)
AND, the following (tcpdump format, maybe? How do you read it? Ethereal
doesn't know what to do with the file.):
--snort.alert.(some numeric string)
--snort.log.(some numeric string)
--snort.suspicious.(some numeric string)
AND one file that apparently is in tcpdump format that Ethereal can
--tcpdump.log.(some numeric string)
I don't have many rules even turned on at this point and because I can't
read the logs I don't know what else needs to be "tweaked" in Snort.
Any assistance would be GREATLY appreciated.
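As an added example (not code from the thread or from Snort), here is a small Python reader for the tcpdump-format files named above (snort.log.<numeric string>): it checks the pcap magic number first, so a file that is not really a packet capture is reported instead of displayed as garbage, then prints each packet as a hex dump from the link layer up, the same view the -X switch gives on the console. The function names and the embedded sample packet are my own, constructed for the demonstration.

```python
# Added example (not code from the thread or from Snort): parse a tcpdump-format
# Snort log (snort.log.<numeric string>) and hex-dump each packet from the link
# layer up, the view the -X switch gives; the pcap magic number is checked first.
import struct

PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
}

def hexdump(data, width=16):
    """Offset / hex / ASCII lines laid out like snort -X output."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04X}: {hexpart}  {text}")
    return lines

def read_pcap(blob):
    """Parse an in-memory pcap file into (link_type, [(timestamp, bytes), ...]).
    Raises ValueError if the magic is not pcap's or a record is truncated."""
    if len(blob) < 24:
        raise ValueError("too short to hold a pcap global header")
    endian = PCAP_MAGICS.get(blob[:4])
    if endian is None:  # e.g. a text alert file, not a packet capture
        raise ValueError(f"not a pcap file (magic {blob[:4].hex()})")
    _, _, _, _, snaplen, link_type = struct.unpack(endian + "HHiIII", blob[4:24])
    packets, pos = [], 24
    while pos + 16 <= len(blob):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", blob[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(blob):
            raise ValueError(f"truncated or corrupt record at offset {pos - 16}")
        packets.append((sec + usec / 1e6, blob[pos:pos + incl_len]))
        pos += incl_len
    return link_type, packets

def build_sample_pcap():
    """Constructed sample: a little-endian pcap holding one Ethernet frame."""
    frame = bytes.fromhex("ffffffffffff 001122334455 0800") + b"snort-test"
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1066050246, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":  # for a real file use read_pcap(open(path, "rb").read())
    link_type, packets = read_pcap(build_sample_pcap())
    for ts, pkt in packets:
        print(f"link type {link_type}, packet at {ts:.6f}:\n" + "\n".join(hexdump(pkt)))
```

If the magic check fails on one of the snort.alert or snort.suspicious files, that file is not a capture at all and a packet viewer will never open it; only the files carrying the pcap magic are the ones to hand to Ethereal or to this script.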