[Snort-users] General info

Erek Adams erek at ...577...
Tue Sep 18 09:29:02 EDT 2001


On Tue, 18 Sep 2001, snortlst snortlst wrote:

> I couldn't find the explanation for pretty simple questions on the snort
> site, so maybe you can clarify this:

Actually, some of this is covered somewhere in the docs or the FAQ.  :)  I
can't recall where right now, and I'm lacking enough coffee to go and check.

> 1. When you compare traffic to the rules what are the options - alerts are
> sent to syslog or database, or file, that's o.k., but can you for example
> drop connection if it conflicts with snort rules? What else can you do to
> malicious connections?

You can use flexresp to actually close or reset connections if they match a
rule.  Be warned, this isn't exact nor does it work perfectly.  There are some
issues you need to be aware of before starting with this...  It's sorta like a
loaded gun that doesn't look like a gun...

> 2. I don't think mysql is an option for me, is ACID simpler to configure
> than mysql?

ACID needs to have MySQL on the backend.  Can't have any ACID without it, no
matter what the Hippies in Berkeley tell us.  ;-)

> 3. Can I generate HTML reports if I log to ACID?

Well...  ACID generates nice PHP pages that can be viewed in a browser.
If you want straight HTML, check out SnortSnarf and SnortReport (I think it
does HTML, but I may be mistaken).  Have a look on the website under
downloads.  You should find what you want there.

Hope this helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
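As an added illustration of the flexresp feature Erek refers to above (this fragment is not part of the original post or the Snort distribution), here is what a rules file using the `resp` keyword looks like, with the limitations called out in comments. The network, ports and sid values are constructed for the example.

```snort
# Assumption: this Snort build was configured with --enable-flexresp;
# without it the resp keyword is rejected when the rules load.
var HOME_NET 192.168.1.0/24   # constructed sample network

# Telnet is not supposed to be offered on this segment. On a matching SYN,
# send TCP RST to both endpoints so the session never completes.
# Caveats: the sniffer is passive, so the triggering packet itself is still
# delivered; the RST races the real endpoints and can lose; and a spoofed
# packet that matches a broad rule makes the sensor reset legitimate
# sessions, so keep resp rules as narrow as possible.
alert tcp any any -> $HOME_NET 23 (msg:"POLICY telnet to internal host - reset"; flags:S; resp:rst_all; sid:1000001; rev:1;)

# UDP has no session to reset; flexresp can only answer with an ICMP
# unreachable message, which the sender is free to ignore.
alert udp any any -> $HOME_NET 69 (msg:"POLICY tftp to internal host - icmp unreachable"; resp:icmp_port; sid:1000002; rev:1;)
```

Because every matching packet triggers a response, test such rules against captured traffic (`snort -r file.pcap`) before enabling them on a live sensor.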