[Snort-users] Snort Newbie
dpowell at ...2288...
Thu Jun 14 16:51:33 EDT 2001
I am setting up snort on my Linux 7.0 box. I have it where I can run it and
send the reports to /var/log/snort/*ip* . All that ends up in these logs are
the hex dumps. I was expecting
Oct 24 10:38:00 host22-107 snort:spp_portscan:PORTSCAN DETECTED from *ip*
How do I get outputs like this?
A few more questions
Does snort take up a lot of CPU usage?
Does snort have to be ran as root?
Is there any known security holes with snort?
Thanks in advance
More information about the Snort-users