[Snort-users] basic snort questions

polypterus polypterus at ...3827...
Tue Oct 16 02:45:14 EDT 2001


I recommend that you use "snortsnarf" or "ACID".
They need a lot of memory but work well.

See here:
 http://www.snort.org/docs/faq.html#5.1

On Mon, 15 Oct 2001 17:31:54 -0500
"snortlst snortlst" <snortlst at ...125...> wrote:

> 1. I run snort in NDIS mode using default log settings (everything is logged
> to /var/snort/log directory)
> In this directory I see directories corresponding to ip addresses, arp file
> and alert file.
> Q: Is alert file a consolidated storage of alerts received from all
> workstations? (or should I go to each workstation directory to see what
> alerts are logged here?)
> 
> 2. Is there any good viewer for alerts logged into /var/log/snort? Some
> web-based interface that can show in real-time which alerts are logged?

polypterus 
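Because the alert file is the consolidated record for every monitored host, a small triage script over it answers "which source hosts triggered which signatures" without walking the per-IP directories. This is an added example, not code from the thread or from Snort; it assumes the multi-line "full" alert format that Snort 1.x writes to /var/log/snort/alert by default, and the alert records below are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort's "full" alert format (assumed layout:
# header line, classification/priority line, timestamp+flow line, IP line,
# with a blank line between records).
SAMPLE_ALERT_FILE = """\
[**] [1:1000001:1] TEST scan probe [**]
[Classification: Attempted Information Leak] [Priority: 2]
10/15-17:31:54.123456 192.0.2.10:3344 -> 192.0.2.80:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60

[**] [1:1000002:1] TEST web request [**]
[Classification: Web Application Attack] [Priority: 1]
10/15-17:32:01.000001 192.0.2.11:4455 -> 192.0.2.80:80
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:60

[**] [1:1000001:1] TEST scan probe [**]
[Classification: Attempted Information Leak] [Priority: 2]
10/15-17:32:09.555555 192.0.2.10:3345 -> 192.0.2.81:22
TCP TTL:64 TOS:0x0 ID:3 IpLen:20 DgmLen:60
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+:\d+:\d+)\] (.*?) \[\*\*\]$")
PRIO_RE = re.compile(r"\[Priority: (\d+)\]")
# "MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]"; ports are absent for ICMP.
FLOW_RE = re.compile(r"^(\S+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")

def parse_alerts(text):
    """Return one dict per alert record; records are separated by blank lines."""
    alerts = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a full-format alert header: skip the block
        alert = {"sid": m.group(1), "msg": m.group(2), "priority": None}
        for line in lines[1:]:
            p = PRIO_RE.search(line)
            if p:
                alert["priority"] = int(p.group(1))
            f = FLOW_RE.match(line)
            if f:
                alert["time"], alert["src"], alert["dst"] = f.group(1), f.group(2), f.group(4)
        alerts.append(alert)
    return alerts

def summarize_by_source(alerts):
    """Map each source host to (alert count, sorted distinct signature names)."""
    counts = Counter(a["src"] for a in alerts)
    sigs = defaultdict(set)
    for a in alerts:
        sigs[a["src"]].add(a["msg"])
    return {src: (counts[src], sorted(sigs[src])) for src in counts}
```

To run it against a live sensor, pass `open("/var/log/snort/alert").read()` to `parse_alerts` instead of the constructed sample.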