[Snort-users] basic command
jsage at ...2022...
Sat Jan 19 13:20:02 EST 2002
I stand corrected!
I hadn't seen that syntax before, at least in the context of *starting*
I *do* use that sort of tcpdump/BPF syntax a lot in reading back my -b
binary log files...
I guess I have just one question: why do you want to start snort that
way, rather than have it read from snort.conf and read from the rules
that you can edit more at your leisure?
Is it that this method allows you to have more selective filtering?
Does that advantage outweigh the complexity of the command line syntax
versus the simplicity of binary logging everything, and extracting what
you want later using -r and tcpdump/BPF syntax then?
You can never have too many shells
Warrick FitzGerald wrote:
> Paul Slinki explained that it is very similar to tcpdump i.e.,
> snort -dev -l /root/snortlog2 -h 10.10.52.100/32 port 80
> Does exactly what I want. I'm not sure exactly how much you can achieve on
> the command line, but this certainly works to my needs.
> ----- Original Message -----
> From: "John Sage" <jsage at ...2022...>
> To: "Warrick FitzGerald" <wfitzgerald at ...4613...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Friday, January 18, 2002 9:32 PM
> Subject: Re: [Snort-users] basic command
>>This command line has *nothing* to do with logging, alerting or anything
>>No command line does any of that.
>>I'd suggest you familiarize yourself with:
>>The web page you seek
>>cannot be found here:
>>countless others await
>>Warrick FitzGerald wrote:
>>>Can someone please explain how I would modify this command line
>>>statement so that it only logs TCP port 80
>>> snort -dev -l /root/snortlog2 -h 10.10.52.100/32