[Snort-users] Snort Newbie

Darrin Powell dpowell at ...2288...
Thu Jun 14 16:51:33 EDT 2001


 I am setting up snort on my Linux 7.0 box. I have it where I can run it and 
send the reports to /var/log/snort/*ip* . All that ends up in these logs are 
the hex dumps. I was expecting 

Oct 24 10:38:00 host22-107 snort:spp_portscan:PORTSCAN DETECTED from *ip* 
(STEALTH)

How do I get outputs like this?

A few more questions

Does snort take up a lot of CPU usage?
Does snort have to be ran as root?
Is there any known security holes with snort?



Thanks in advance

Darrin




More information about the Snort-users mailing list