[Snort-users] alert

snortlst snortlst snortlst at ...125...
Tue Oct 16 13:54:15 EDT 2001


You see, I'm trying to be a good boy and look into FAQ before asking stupid
questions, I looked into FAQ and they didn't tell  for example that all
alerts are put into the alert file. It's just my guess and I'm sure if it's
right or wrong.Snort pdf also misses a lot of 'newbie' things.So I think
it's a legitimate question to ask.....
And that's strange attitude, like 'Hey, go back and check documentation'
(which actually misses some things)
Thanks anyway.

eliyah lovkoff
ccse,ccna,cca,cne4,5, lpic-1,mcse (just trying to say I'm not a complete
idiot)


----- Original Message -----
From: "Chris Green" <cmg at ...671...>
To: "snortlst snortlst" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, October 16, 2001 2:20 PM
Subject: Re: [Snort-users] alert


> "snortlst snortlst" <snortlst at ...125...> writes:
>
> > Snorts log everything in /var/log/snort
> > I see there alert file and directopries with ip addresses naming
convention.
> > (NDIS mode)
> > Is that correct to say that ALL alerts are put into alert file and I
> > shouldn't browse all those directories?
> > What those directories (ip addresses) are for?
>
> Decoded packet dumps.  Will add this to the documentation.
> --
> Chris Green <cmg at ...671...>
> This is my signature. There are many like it but this one is mine.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list