snortlst at ...125...
Tue Oct 16 13:54:15 EDT 2001
You see, I'm trying to be a good boy and look into FAQ before asking stupid
questions, I looked into FAQ and they didn't tell for example that all
alerts are put into the alert file. It's just my guess and I'm sure if it's
right or wrong.Snort pdf also misses a lot of 'newbie' things.So I think
it's a legitimate question to ask.....
And that's strange attitude, like 'Hey, go back and check documentation'
(which actually misses some things)
ccse,ccna,cca,cne4,5, lpic-1,mcse (just trying to say I'm not a complete
----- Original Message -----
From: "Chris Green" <cmg at ...671...>
To: "snortlst snortlst" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, October 16, 2001 2:20 PM
Subject: Re: [Snort-users] alert
> "snortlst snortlst" <snortlst at ...125...> writes:
> > Snorts log everything in /var/log/snort
> > I see there alert file and directopries with ip addresses naming
> > (NDIS mode)
> > Is that correct to say that ALL alerts are put into alert file and I
> > shouldn't browse all those directories?
> > What those directories (ip addresses) are for?
> Decoded packet dumps. Will add this to the documentation.
> Chris Green <cmg at ...671...>
> This is my signature. There are many like it but this one is mine.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users