[Snort-users] General info
erek at ...577...
Tue Sep 18 09:29:02 EDT 2001
On Tue, 18 Sep 2001, snortlst snortlst wrote:
> I couldn't find the explanation for pretty simple questions on the snort
> site, so maybe you can clarify this:
Actually, some of this is covered somewhere in the docs or the FAQ. :) I
can't recall where right now, and I'm lacking enough coffee to go and check.
> 1. When you compare traffic to the rules what are the options - alerts are
> sent to syslog or database, or file, that's o.k., but can you for example
> drop connection if it conflicts with snort rules? What else can you do to
> malicious connections?
You can use flexresp to actually close or reset connections if they match a
rule. Be warned, this isn't exact nor does it work perfectly. There are some
issues you need to be aware of before starting with this... It's sorta like a
loaded gun that doesn't look like a gun...
> 2. I don't think mysql is an option for me, is ACID simpler to configure
> than mysql?
ACID needs to have MySQL on the backend. Can't have any ACID without it, no
matter what the Hippies in Berkeley tell us. ;-)
> 3. Can I generate HTML reports if I log to ACID?
Well... ACID generates nice PHP pages that can be viewed in a browser.
If you want straight HTML, check out SnortSnarf and SnortReport (I think it
does HTML, but I may be mistaken). Have a look on the website under
downloads. You should find what you want there.
Hope this helps!
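For readers who have not seen the flexresp feature the reply above refers to, here is an added illustration (not part of the original post, and not taken from the Snort project's own rule set) of what a rule using the `resp` keyword looks like beside its passive alert-only form. The snort.conf variables `$HOME_NET` and `$EXTERNAL_NET`, the port, and the matched content string are assumptions chosen for the example; the content string is a constructed placeholder, not a real signature.

```snort
# Added example of flexresp rule syntax (Snort 1.x era, as discussed in the thread).
# flexresp is only available when Snort was built with:  ./configure --enable-flexresp
# (which needs libnet installed). Without that build option, "resp:" is not recognised.

# --- Passive form: generate an alert, take no action on the connection. ---
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"EXAMPLE alert-only rule"; content:"EXAMPLE-CONSTRUCTED-STRING"; nocase;)

# --- Active form: same match, but also try to tear the session down. ---
# resp:rst_all  sends a TCP RST to both endpoints of the matched TCP session.
# Other values: rst_snd (RST to sender only), rst_rcv (RST to receiver only),
# icmp_port / icmp_host / icmp_net / icmp_all (ICMP unreachables, for UDP traffic).
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"EXAMPLE rule with flexresp reset"; content:"EXAMPLE-CONSTRUCTED-STRING"; nocase; resp:rst_all;)

# UDP has no session to reset, so the only option is an ICMP unreachable:
alert udp $EXTERNAL_NET any -> $HOME_NET 53 \
    (msg:"EXAMPLE UDP rule with ICMP response"; content:"EXAMPLE-CONSTRUCTED-STRING"; resp:icmp_port;)
```

Two caveats behind the "loaded gun" remark: Snort sniffs passively, so the packet that triggered the rule has already reached its destination before any RST is sent, and the RST is in a race with the real session (if the endpoints have moved on, or the sequence numbers no longer line up, they simply ignore it). A rule that resets on a false positive will also cut legitimate sessions, so test such rules in the passive form first and watch the alert log before adding `resp:`.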