[Snort-users] Lets talk about ....

AllowOverride allowoverride at ...11827...
Tue Oct 9 11:56:56 EDT 2012


Sorry, I forgot the cmds I used:


/usr/local/bin/snort -c /etc/snort/etc/snort.conf -i eth0 &
/usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log

/var/log/snort# u2spewfoo snort.log.1349797570 |more

(Event)
	sensor id: 0	event id: 1	event second: 1349797624	event microsecond: 522219
	sig id: 10000001	gen id: 1	revision: 0	 classification: 0
	priority: 0	ip source: 192.168.1.35	ip destination: 192.168.1.14
	src port: 8	dest port: 0	protocol: 1	impact_flag: 0	blocked: 0

Packet
	sensor id: 0	event id: 1	event second: 1349797624
	packet second: 1349797624	packet microsecond: 522219
	linktype: 1	packet_length: 98
[    0] 00 1A 4D 63 44 CF 00 26 B9 11 24 32 08 00 45 00  ..McD..&..$2..E.
[   16] 00 54 00 00 40 00 40 01 B7 27 C0 A8 01 23 C0 A



-------------- next part --------------
An embedded message was scrubbed...
From: Peter Bates <peter.bates at ...15381...>
Subject: Re: [Snort-users] Lets talk about ....
Date: Tue, 9 Oct 2012 09:10:54 +0100
Size: 5335
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121009/5c7e103f/attachment.mht>

