[Snort-users] snort + aris

Robert D. Hughes rob at ...1932...
Sat May 12 23:54:24 EDT 2001

Check the ARIS and extractor (sfclean is now extractor) docs. They'll give
you the command line for both snort and extractor. Mine is:

    /usr/local/bin/snort -A full -c /usr/local/etc/snort.conf -dDeX -i xl0 -u nobody

It works at least. Last time I checked, -A full and -d are the only
required ones.

-----Original Message-----
From: Ron 'The InSaNe One' Rosson [mailto:insane at ...321...]
Sent: Saturday, May 12, 2001 5:10 PM
To: Ryan Russell
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort + aris

Ryan Russell (ryan at ...35...) wrote:
> Was the question regarding how to get Snort running, or how to get it to
> feed to ARIS?
> 			Ryan
> On Fri, 11 May 2001, Ron 'The InSaNe One' Rosson wrote:
> > I am getting ready to reset up aris on my network but I am confused on
> > what my command line should be.
> >
> > Here is my basic setup:
> >
> > IDS system logging to a remote Database
> >
> > Command line for snort is:
> > /usr/local/bin/snort -D -d -c /etc/snort.rules
> >
> > Here is the output part of my snort.rules file
> >
> > output database: alert, mysql, user=nobody dbname=snort host=postal
> >

I am looking for the proper command line to run with SNORT.


Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
   If Bill Gates had a dime for every time a Windows box crashed...
                ...Oh, wait a minute, he already does.
