[Snort-users] Unified logging

Onie Camara neil at ...4898...
Sun Mar 31 12:49:03 EST 2002


Thanks. I'll try that.

Btw, I've read somewhere that unified logging is the way to go.
And must be run alongside barnyard.

Can you explain how the process works? I've got a feeling that
the logging is realtime but barnyard's pushing of data to the database
is not. Am I correct?

Neil

----- Original Message -----
From: "Mike Macias" <mike.macias at ...5336...>
To: "Onie Camara" <neil at ...4898...>;
<snort-users at lists.sourceforge.net>
Sent: Sunday, March 31, 2002 1:05 PM
Subject: Re: [Snort-users] Unified logging


> tcpdump can read these types of files.  Use the following syntax:
>
> tcpdump -r snort-0331 at ...5440...
>
> This tells tcpdump to read from a file instead of sniffing traffic off the
> wire.
>
> > Are there programs that can understand the file snort -b created?
> > Or how can I fully utilize that file?
> >
> > Example is:
> >
> > bash# ls -l
> > total 3
> > -rw-------  1 root  wheel  246 Mar 31 12:25 alert
> > -rw-------  1 root  wheel    0 Mar 31 12:05 portscan.log
> > -rw-------  1 root  wheel  476 Mar 31 12:25 snort-0331 at ...5440...  <- this
> one
> > -rw-------  1 root  wheel   24 Mar 31 12:29 snort-0331 at ...5441...
> >
> > Thanks.
> >
> > Neil
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
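Mike's reply above notes that the files written by snort -b are tcpdump-readable, which means they are plain libpcap captures. The following Python reader is an added example, not code from the thread or from Snort itself: it walks such a file the way tcpdump -r does (global header, then one record header plus packet bytes per packet), on a constructed one-packet sample, and rejects a truncated or length-corrupted file instead of reading past the buffer.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4        # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1          # DLT_EN10MB, what an Ethernet snort -b sensor writes


def build_sample_pcap():
    """Constructed sample capture: one 42-byte Ethernet/IPv4/UDP frame, no payload."""
    frame = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
             + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # IPv4, 10.0.0.1 -> 10.0.0.2
             + struct.pack("!HHHH", 53, 1024, 8, 0))                      # UDP 53 -> 1024
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1514, LINKTYPE_ETHERNET)
    rhdr = struct.pack("<IIII", 1017577500, 123456, len(frame), len(frame))  # constructed timestamp
    return ghdr + rhdr + frame


def parse_pcap(data):
    """Return (global header dict, list of record dicts); raise ValueError on a malformed file."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        e = "<"                 # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        e = ">"                 # file written on a big-endian host
    else:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic)
    vmaj, vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    hdr = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype}
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("bad record length at offset %d" % off)  # corrupt capture
        body = data[off + 16:off + 16 + incl_len]
        if len(body) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        ethertype = None
        if linktype == LINKTYPE_ETHERNET and incl_len >= 14:
            ethertype = struct.unpack("!H", body[12:14])[0]
        records.append({"ts": ts_sec + ts_usec / 1e6, "caplen": incl_len,
                        "wirelen": orig_len, "ethertype": ethertype})
        off += 16 + incl_len
    return hdr, records


if __name__ == "__main__":
    header, recs = parse_pcap(build_sample_pcap())
    print(header)
    for r in recs:
        print("%.6f caplen=%d wirelen=%d ethertype=%s" % (r["ts"], r["caplen"], r["wirelen"],
                                                          hex(r["ethertype"]) if r["ethertype"] else "-"))
```

To use it on a real sensor file, replace build_sample_pcap() with the bytes read from the snort -b output file.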