[Snort-users] alert file

Zachary Uram yoda at ...7272...
Thu Oct 24 06:57:12 EDT 2002


On Thu, 2002-10-24 at 02:58, Alberto Gonzalez wrote:
> Ok, not to be harsh, but you SOUND really new.

Hi Alberto,

Well I am really new to this :)

> 1. Learn everything you can about snort, its functions, options and plugins
>         - I recommend reading the Snort Users Manual[1]

Ok.

> 2. Familiarize yourself with TCP/IP
>         - I recommend reading "TCP/IP Illustrated Vol 1" By R. Stevens

Will check eBay for this.

> 3. If snort gives you an alert, it also gives you a "reference", go read 
> about that specific attack.

Will do.

> 4. Use google. (this is your best friend).

Heh.

> And to your question, access_log is pertaining to apache. I suggest also
> reading about what you're using. Looks to me
> you're just running default installs of things.

Yah some things are pretty much default installs.

> I see you mentioned debian, I'm almost positive you used its package
> system. Try grabbing the latest stable[2]

I am running the latest Debian unstable release.

> or grabbing it via snapshots/ directory. Rolling Your Own is the best 
> method for a new snort user.

Ok. Hope it will compile ok :)

> And read my signature(below) and apply that to _EVERYTHING_ ;-)

Heh.

Zach




