[Snort-users] alert file

Alberto Gonzalez ag-snort at ...7149...
Wed Oct 23 20:59:02 EDT 2002


Ok, not to be harsh, but you SOUND really new.

1. Learn everything you can about snort, its functions, option and plugins
        - I recommend reading the Snort Users Manual[1]

2. Familarize yourself with TCP/IP
        - I recommend reading "TCP/IP Illustrated Vol 1" By R. Stevens

3. If snort gives you an alert, it also gives you a "reference", go read 
about that specific attack.

4. Use google. (this is your best friend).

And to your question, access_log is pertaining to apache. I suggest also 
reading about what your using. Looks to me
your just running default installs of things.

I see you mentioned debian, im almost positive you used its package 
system. Try grabbing the lastest stable[2]
or grabbing it via snapshots/ directory. Rolling Your Own is the best 
method for a new snort user.

And read my signature(below) and apply that to _EVERYTHING_ ;-)

[1]    http://www.snort.org/docs/writing_rules (html)
        http://www.snort.org/docs/SnortUsersManual.pdf (pdf) 
[2]    http://www.snort.org/dl/snort-1.9.0.tar.gz

Hope it helps

    - Albert

-- 
The secret to success is to start from scratch and keep on scratching.






More information about the Snort-users mailing list