[Snort-users] Where can I find documents explain the log form ats of snort?

Hicks, John JHicks at ...5857...
Sun Dec 22 20:18:02 EST 2002


The best one I can recommend is Intrusion Signatures and Analysis from
Stephen Northcutt (SANS) and all
(http://www.amazon.com/exec/obidos/tg/detail/-/0735710635/qid=1040616491/sr=
8-1/ref=sr_8_1/102-0670692-9875349?v=glance&s=books&n=507846) mainly because
as you go, you'll quickly learn you'll need to know more than the alert.ids
file.

-----
Signature ID:Revision # Alert Message
[Classification: Classification Type] [Priority: #]
Date/Network Time Src.IP:Src.Port -> Dst.IP:Dst.Port
Protocol Packet Details
References
-----

HTH,
John

-----Original Message-----
From: Xiaogang Liu
To: snort-users at lists.sourceforge.net
Sent: 22/12/02 10:32 PM
Subject: [Snort-users] Where can I find documents explain the log formats of
snort?

hi, 
Where can I find documents explain the log formats of snort?
I want to completely analyze the log format in file alert.ids.
Thanks
                  Oliver




More information about the Snort-users mailing list