[Snort-users] Let's talk about ....

PR oly562 at ...11827...
Sat Oct 6 22:42:14 EDT 2012

Let's talk about:

local.rules, snort.rules, alert, and snort.log

I have one local.rule defined. The basic one: hey, I'm getting pinged...

I have successfully allowed pp.pl to update my snort.rules...

When I hit my server from the remote OpenVAS server, all I get is the
file size of alert and snort.log. Of course I cannot see snort.log;
however, I only see alert showing pings.

Now, openvasd/client hits it with over 10,000 separate checks, and I'm sure
there are more than just pings being used...

Now, Snort is supposed to log probes, pings, attacks, logins, and so on and
so forth for sigs in the data packets somewhere or other, but my point is,
I'm only seeing ping alerts in alert, that's it, ICMP yadda...

I'm not seeing anything worth actually logging to the MySQL server; not there
yet either... I'm setting up BASE now, to somehow get data from snort.log or
alert to the MySQL DB. That's the plan... just like it used to work :)

However, right now, I'm pretty sure I would like to view something
readable to the human eye...

1. Isn't barnyard2 supposed to allow you to view the sigs/data, or does it
just say ICMP yadda...

2. Do I need to do anything with my snort.rules, like cat snort.rules >>
local.rules?

3. How do I get data from barnyard2 to my DB to view in a pretty browser
GUI like BASE, snortreport, or jpgraph?

I'll read up on those; now I know snort.log and alert are actually
grabbing data, and barnyard2 states:

Opened spool file '/var/log/snort/snort.log.1349576556'
Waiting for new data

Suggestions for 1, 2, 3?

I'll read a bit in the meantime: the Snort 2.9.3 manual and various other
manuals for jpgraph/barnyard2/etc...

Thanks guys...
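The poster wants a human-readable view of what the alert file actually contains before wiring barnyard2 into MySQL. The script below is an added example (not from the post or from the Snort project) that parses lines in Snort's alert_fast text format and tallies them per signature and per protocol, which answers "is it really only ICMP?" directly from the alert file; the sample lines, signature IDs and addresses are constructed for illustration.

```python
import re
from collections import Counter
from typing import Iterable, NamedTuple, Optional

# One line of Snort's alert_fast output (the text "alert" file). The
# Classification field is optional because rules without a classtype omit it.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

class Alert(NamedTuple):
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    proto: str
    src: str
    dst: str

def parse_alert_line(line: str) -> Optional[Alert]:
    """Return an Alert for a well-formed fast-alert line, or None otherwise."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], int(m["gid"]), int(m["sid"]), int(m["rev"]),
                 m["msg"], m["proto"].upper(), m["src"], m["dst"])

def summarize(lines: Iterable[str]) -> dict:
    """Count alerts per signature and per protocol; unparsable lines are counted, not dropped silently."""
    by_sig, by_proto, bad = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert_line(line)
        if a is None:
            bad += 1
            continue
        by_sig[f"{a.gid}:{a.sid} {a.msg}"] += 1
        by_proto[a.proto] += 1
    return {"by_sig": dict(by_sig), "by_proto": dict(by_proto), "unparsed": bad}

# Constructed sample lines in alert_fast format (not from a real sensor).
SAMPLE_ALERTS = """\
10/06-22:40:01.000123  [**] [1:1000001:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20
10/06-22:40:02.000456  [**] [1:1000001:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20
10/06-22:40:05.000789  [**] [1:1000002:1] LOCAL SSH connection attempt [**] [Priority: 2] {TCP} 192.0.2.10:51234 -> 192.0.2.20:22
this line is not an alert
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS.splitlines())
    for sig, n in sorted(report["by_sig"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {sig}")
    print("protocols:", report["by_proto"], "unparsed:", report["unparsed"])
```

Run it against /var/log/snort/alert with `summarize(open(path))` to see whether the rule set is firing on anything besides ICMP.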

