[Snort-users] consult some questions about snort

fan wu conjurer1981 at ...5635...
Sun Oct 15 06:44:37 EDT 2006

I have configured a snort system (snort 2.4.5) on my computer for a Debian
system. Now I am using it and I have some questions. I
want to ask about them.

1st: in debug.h, there is a macro definition:

  #define DebugMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugMessageFunc

What does that mean?

2nd: in snort.conf, I set the output alert_unified
file and output log_unified file to be snort.alert and
snort.log. I am surprised that the contents of these files are
odd characters, which I can't read.
Is the packets' content first encrypted and then stored in
these files?

3rd: what does the time window stand for? I guess it means
the used time today. Am I right?

4th: in snort.conf, I set HOME_NET to localhost, but
many other IPs appear. These IPs are in the same B-type net.

I am looking forward to a reply.

