[Snort-users] Getting a newbie started

chj at ...1888... chj at ...1888...
Wed Apr 25 04:09:14 EDT 2001


Hi Ben,

If you are not sure what you should be looking for or what you are seeing, 
I would recommend you get a copy of Stephen Northcutt's book: Network 
Intrusion Detection: An Analyst's Handbook. 
(http://www.amazon.com/exec/obidos/ASIN/0735710082/qid=988184778/sr=1-2/ref=sc_b_3/002-6791629-8011212)
It will tell you what to look for and how to do it, and there are lots of 
examples of intrusion attempts.

To get an overview of what Snort detects, I would recommend something 
like SnortSnarf ( http://www.silicondefense.com/software/snortsnarf/ ) 
that generates a set of HTML files of the data collected from Snort. 

Later on you could expand it with Snorticus: "Snorticus is a collection 
of shell scripts designed to allow easy management of Snort sensors. It 
allows you to routinely collect Snort sensor data, analyze the data via 
SnortSnarf, and easily maintain rule files"

Hope that helps,

Christian H. Jensen

.................................................................................. 


eSec A/S - Managed Security 

http://www.esec.dk 
Phone:  +45 7020 5585 
Direct: +45 4450 2073
Mobile: +45 20192510
.................................................................................. 





Ben Paul Wise <bwise at ...1895...>
Sent by: snort-users-admin at lists.sourceforge.net
24-04-2001 22:01
Please respond to bwise

 
        To:     snort-users at lists.sourceforge.net
        cc: 
        Subject:        [Snort-users] Getting a newbie started


Folks,

I've downloaded and installed snort. It appears to be working fine.

However, as a total beginner, I'm not sure what I'm seeing, or what is
the best tool to find/view snort's logs. The FAQs seem more oriented
toward a mid-level user.

Does anyone with recent experience helping a newbie have
recommendations on how to get oriented and started?

-- 
Ben Wise, PhD            Mobile: 703-731-5144
SAIC                     GnuPG ID: 0xF491BD21
http://www.saic.com       bwise at ...1895...
