[Snort-users] Newbie Snort Questions
naman.latif at ...10264...
Tue Dec 2 11:26:04 EST 2003
We are setting up Snort to be used as a NIDS and I was wondering what is
the best way to start Snort from the command line i.e. which switches to
1. We will be using Barnyard for processing the unified log files
2. If we are using Cisco Net Flow for traffic stats and we also generate
traffic logs from PIX log files, is there any reason that we should use
Snort Logging? Or will only Alert Logging be enough? Will we be
missing some important information this way?
3. Does Snort Logging mean to "Log all Packets", or will it only log the
traffic that matches some rules (with action set as 'log')?
4. Is this a correct way to start Snort in NIDS mode?
snort -dev -c snort.conf -D