[Snort-users] SnortALog with Snort

jeremy.chartier at ...953... jeremy.chartier at ...953...
Mon Jul 19 01:26:00 EDT 2004


Very easy to use ;)

If you are using Snort with the database plugin, you must stop.
All of Snort's alerts must be redirected to a file. So, you can use the syslog
option in snort.conf or run snort like this:
    snort -A none -CDIepbi eth0 -c snort.conf -s ""
or
    snort -A fast -CDIepbi eth0 -c snort.conf
or
    snort -A full -CDIepbi eth0 -c snort.conf
These are examples; obviously you can use other Snort options.

Eventually, you must redirect your alert file into SnortALog like this:
    cat alert.ids | ./snortalog.pl -n 20 -report
or
    ./snortalog.pl -n 20 -report -file alert.ids

Jérémy


> 
> With the help of this documentation, "Snort, Apache, PHP, MySQL, ACID on Redhat 9.0
> Installation Guide",
> I have done the configurations. It runs well with the browser, but I
> would like to configure SnortALog as well, to get output with some graphs.
>
>
> Can we configure SnortALog with Snort?
> I have done the configurations according to the SnortALog manual.
> But I can't understand how to use it with Snort ... please help me
>
>
> Thanks in advance
> chandana
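
What the alert file produced by `snort -A fast` contains, as an added example that is not part of the original post and is not SnortALog's code: a small Python parser for the one-line fast alert layout that builds top-N counts by signature and by source address. The sample alerts and the names `parse_fast`, `top_n` and `report` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "-A fast" one-line layout (documentation addresses,
# made-up SIDs and messages); the last line is deliberately truncated.
SAMPLE = """\
07/19-01:20:11.104233  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
07/19-01:20:12.530118  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40113 -> 198.51.100.5:80
07/19-01:21:40.000917  [**] [1:1000002:3] EXAMPLE ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
07/19-01:22:05.771002  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:51515 -> 198.51.100.6:80
07/19-01:25:59.  [**] truncated line
"""

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # optional in the output
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"  # ICMP has no ports
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast(text):
    """Return (alerts, skipped): parsed alert dicts and the count of bad lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        else:
            skipped += 1  # count unparseable lines instead of dropping them silently
    return alerts, skipped

def top_n(alerts, key, n=20):
    """Most frequent values of one field, e.g. 'msg', 'src', 'dst' or 'sid'."""
    return Counter(a[key] for a in alerts).most_common(n)

def report(text, n=20):
    alerts, skipped = parse_fast(text)
    return {"total": len(alerts), "skipped": skipped,
            "by_signature": top_n(alerts, "msg", n),
            "by_source": top_n(alerts, "src", n)}

if __name__ == "__main__":
    for name, value in report(SAMPLE).items():
        print(name, value)
```

A non-zero `skipped` count usually means the file was written in a different alert mode (for example `-A full`, which is multi-line) or was cut off mid-write.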





