[Snort-users] snort + aris

Ron Rosson insane at ...321...
Sun May 13 12:39:56 EDT 2001


Robert D. Hughes (rob at ...1932...) wrote:
> Check the ARIS and extractor (sfclean is now extractor) docs. They'll give
> you the command line for both snort and extractor. Mine is
> /usr/local/bin/snort -A full -c /usr/local/etc/snort.conf -dDeX -i xl0 -u
> nobody. It works at least. Last time I checked, -A full and -d are the only
> required ones.
> 
> -----Original Message-----
> From: Ron 'The InSaNe One' Rosson [mailto:insane at ...321...]
> Sent: Saturday, May 12, 2001 5:10 PM
> To: Ryan Russell
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] snort + aris
> 
> 
> Ryan Russell (ryan at ...35...) wrote:
> > Was the question regarding how to get Snort running, or how to get it to
> > feed to ARIS?
> > 
> > 			Ryan
> > 
> > On Fri, 11 May 2001, Ron 'The InSaNe One' Rosson wrote:
> > 
> > > I am getting ready to reset up aris on my network but I am confused on
> > > what my command line should be.
> > >
> > > Here is my basic setup:
> > >
> > > IDS system logging to a remote Database
> > >
> > > Command line for snort is:
> > > /usr/local/bin/snort -D -d -c /etc/snort.rules
> > >
> > > Here is the output part of my snort.rules file
> > >
> > > output database: alert, mysql, user=nobody dbname=snort host=postal
> > >
> 
> I am looking for the proper command line to run with SNORT.
> 
> TIA
> 

If I read the man page right, that overrides the database logging.

TIA
-- 
------------------------------------------------------------------------------
Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
------------------------------------------------------------------------------
	  It's so nice to be insane, nobody asks you to explain.



