[Snort-users] Newbie Snort Questions

Naman Latif naman.latif at ...10264...
Tue Dec 2 11:26:04 EST 2003


Hi,
We are setting up Snort to be used as a NIDS and I was wondering what is
the best way to start Snort from the command line, i.e. which switches to
use.

1. We will be using Barnyard for processing the unified log files

2. If we are using Cisco NetFlow for traffic stats and we also generate
traffic logs from PIX log files, is there any reason that we should use
Snort logging? Or will only alert logging be enough? Will we be
missing some important information this way?

3. Does Snort logging mean "log all packets", or will it only log the
traffic that matches some rules (with action set as 'log')?

4. Is this a correct way to start Snort in NIDS mode?

	snort -dev -c snort.conf -D

Regards,
Naman



