[Snort-users] Snorby and Snort

JJC cummingsj at ...11827...
Thu Nov 11 11:05:58 EST 2010


The hostname option is in the BY2 config also, IIRC

On Thu, Nov 11, 2010 at 9:00 AM, Atkins, Dwane P <ATKINSD at ...9240...> wrote:
> Thank you.  This has been done.  I am not seeing a Hostname called unknown:eth1.  It now has 844 events and was plugged in less than 20 minutes ago so I believe something is working.  Is there a way to name that unknown:eth1 hostname to something meaningful without putting an ip address on it?
>
> Also, I am very knew at this so this is quite an accomplishment for the whole team.  I appreciate everyone's help.
>
> Thank you.
>
> Dwane
>
> -----Original Message-----
> From: JJC [mailto:cummingsj at ...11827...]
> Sent: Thursday, November 11, 2010 9:24 AM
> To: Joel Esler
> Cc: Atkins, Dwane P; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snorby and Snort
>
> Further, you can specify what interface that barnyard is populating
> the database with, read through the config file (this assumes that you
> have the correct value for -i when you start snort).
>
> JJC
>
> On Wed, Nov 10, 2010 at 1:56 PM, Joel Esler <jesler at ...1935...> wrote:
>> Snort will need the correct interface passed to it on the command line with
>> the -i tag.
>>
>>
>> Sent from my iPhone
>> On Nov 10, 2010, at 3:50 PM, "Atkins, Dwane P" <ATKINSD at ...9240...> wrote:
>>
>> This may be a stupid question now, but I decided to try the Snort/Snorby
>> setup and my only issue at this point is it appears that, on the GUI, it
>> only sees events on our management port instead of the other NIC which is in
>> promiscuous mode.
>>
>>
>>
>> Are there any modifications I can make to make this a smoother setup?
>>
>>
>>
>> Thank you
>>
>>
>>
>> Dwane
>>
>> ------------------------------------------------------------------------------
>> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
>> David G. Thomson, author of the best-selling book "Blueprint to a
>> Billion" shares his insights and actions to help propel your
>> business during the next growth cycle. Listen Now!
>> http://p.sf.net/sfu/SAP-dev2dev
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> ------------------------------------------------------------------------------
>> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
>> David G. Thomson, author of the best-selling book "Blueprint to a
>> Billion" shares his insights and actions to help propel your
>> business during the next growth cycle. Listen Now!
>> http://p.sf.net/sfu/SAP-dev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>




More information about the Snort-users mailing list