[Snort-users] Snorby and Snort

Atkins, Dwane P ATKINSD at ...9240...
Thu Nov 11 11:00:25 EST 2010


Thank you.  This has been done.  I am not seeing a Hostname called unknown:eth1.  It now has 844 events and was plugged in less than 20 minutes ago so I believe something is working.  Is there a way to name that unknown:eth1 hostname to something meaningful without putting an ip address on it?

Also, I am very knew at this so this is quite an accomplishment for the whole team.  I appreciate everyone's help.  

Thank you.

Dwane

-----Original Message-----
From: JJC [mailto:cummingsj at ...11827...] 
Sent: Thursday, November 11, 2010 9:24 AM
To: Joel Esler
Cc: Atkins, Dwane P; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snorby and Snort

Further, you can specify what interface that barnyard is populating
the database with, read through the config file (this assumes that you
have the correct value for -i when you start snort).

JJC

On Wed, Nov 10, 2010 at 1:56 PM, Joel Esler <jesler at ...1935...> wrote:
> Snort will need the correct interface passed to it on the command line with
> the -i tag.
>
>
> Sent from my iPhone
> On Nov 10, 2010, at 3:50 PM, "Atkins, Dwane P" <ATKINSD at ...9240...> wrote:
>
> This may be a stupid question now, but I decided to try the Snort/Snorby
> setup and my only issue at this point is it appears that, on the GUI, it
> only sees events on our management port instead of the other NIC which is in
> promiscuous mode.
>
>
>
> Are there any modifications I can make to make this a smoother setup?
>
>
>
> Thank you
>
>
>
> Dwane
>
> ------------------------------------------------------------------------------
> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> David G. Thomson, author of the best-selling book "Blueprint to a
> Billion" shares his insights and actions to help propel your
> business during the next growth cycle. Listen Now!
> http://p.sf.net/sfu/SAP-dev2dev
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> David G. Thomson, author of the best-selling book "Blueprint to a
> Billion" shares his insights and actions to help propel your
> business during the next growth cycle. Listen Now!
> http://p.sf.net/sfu/SAP-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list