[Snort-users] basic command

Warrick FitzGerald wfitzgerald at ...4613...
Sat Jan 19 11:25:03 EST 2002


Paul Slinki explained that it is very similar to tcpdump i.e.,

snort -dev -l /root/snortlog2 -h 10.10.52.100/32 port 80

Does exactly what I want. I'm not sure exactly how much you can achieve on
the command line, but this certainly works to my needs.

----- Original Message -----
From: "John Sage" <jsage at ...2022...>
To: "Warrick FitzGerald" <wfitzgerald at ...4613...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, January 18, 2002 9:32 PM
Subject: Re: [Snort-users] basic command


> umm..
>
> This command line has *nothing* to do with logging, alerting or anything
> like that.
>
> No command line does any of that.
>
> I'd suggest you familiarize yourself with:
>
> http://snort.sourcefire.com/docs/writing_rules/chap2.html#tth_chAp2
>
>
>
> - John
>
> --
> The web page you seek
> cannot be found here:
> countless others await
>
>
>
>
> Warrick FitzGerald wrote:
>
> > Can someone please explain how I would modify this command line
statement so
> > that it only logs TCP port 80
> >
> >  snort -dev -l /root/snortlog2 -h 10.10.52.100/32
> >
> >  Thanks
> > Warrick
>
>
>
>
>
>





More information about the Snort-users mailing list