[Snort-users] @snort log

waldo kitty wkitty42 at ...14940...
Sat Jul 6 09:36:15 EDT 2013


On 7/6/2013 07:52, anagha b wrote:
> Hi all
>
> Got snort running but every time i start snort i have to set library path for
> libdnet.1
>
> I am getting file snort.u2.1373105384 format in /var/log/snort.
>
> how to read these files?

U2 files are a combination log format... you must use a tool like barnyard to 
break them apart and place them into a database... then you use tools to read 
the database for correlation of the events...

> I searched on net but not getting.
>
> I want to see snort log should i go for snorby for viewing it?
>
> Please provide link to use gui with snort.

[pedantic] you are not looking for a GUI strictly for snort. that implies a GUI 
that only controls snort, snort's configs and possibly the rules files...[/pedantic]

it sounds like you are instead looking for a GUI to interface to the alert 
database... snorby is one of numerous such tools... you might want to look at 
security onion which contains several GUI interfaces so you can choose which 
one(s) you want or need to use... each has its good points and bad points... 
some are hard to configure but offer a huge range of capabilities while others 
are easy to configure but offer a limited set of abilities...

   http://securityonion.blogspot.com/

NOTE: i have not looked at security onion and do not use it at this time...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
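
The record framing behind the U2 answer above, as an added example that is not part of the original thread or of Snort/barnyard: a small reader that walks a unified2 stream, counts record types and decodes legacy IPv4 event records. The record-type numbers and the 52-byte field layout are assumptions taken from the Snort 2.x unified2 definitions (newer event record types are only counted), and the sample bytes are constructed.

```python
import io
import socket
import struct

# Assumed layout (Snort 2.x unified2): 8-byte big-endian header per record.
RECORD_HEADER = struct.Struct(">II")  # record type, payload length
# Assumed legacy IPv4 event payload (record type 7), 52 bytes.
IDS_EVENT = struct.Struct(">IIIIIIIII4s4sHHBBBB")
TYPE_PACKET, TYPE_IDS_EVENT = 2, 7

def read_records(stream):
    """Yield (type, payload) pairs; stop cleanly on a truncated tail."""
    while True:
        header = stream.read(RECORD_HEADER.size)
        if len(header) < RECORD_HEADER.size:
            return  # end of file, or Snort has not finished writing
        rtype, length = RECORD_HEADER.unpack(header)
        payload = stream.read(length)
        if len(payload) < length:
            return  # partial record at the end of a live spool file
        yield rtype, payload

def decode_event(payload):
    """Decode a type-7 event into the fields an alert console displays."""
    f = IDS_EVENT.unpack(payload[:IDS_EVENT.size])
    return {"event_id": f[1], "second": f[2], "sid": f[4], "gid": f[5],
            "rev": f[6], "priority": f[8], "proto": f[13],
            "src": socket.inet_ntoa(f[9]), "sport": f[11],
            "dst": socket.inet_ntoa(f[10]), "dport": f[12]}

def summarize(stream):
    """Return decoded events plus a count of every record type seen."""
    events, counts = [], {}
    for rtype, payload in read_records(stream):
        counts[rtype] = counts.get(rtype, 0) + 1
        if rtype == TYPE_IDS_EVENT and len(payload) >= IDS_EVENT.size:
            events.append(decode_event(payload))
    return events, counts

def demo():
    """Constructed sample: one event, one packet record, one truncated record."""
    ev = IDS_EVENT.pack(1, 1, 1373105384, 0, 1000001, 1, 1, 0, 2,
                        socket.inet_aton("192.0.2.10"),
                        socket.inet_aton("198.51.100.5"), 40000, 80, 6, 0, 0, 0)
    pkt = b"\x00" * 28  # placeholder packet payload, not decoded here
    data = (RECORD_HEADER.pack(TYPE_IDS_EVENT, len(ev)) + ev
            + RECORD_HEADER.pack(TYPE_PACKET, len(pkt)) + pkt
            + RECORD_HEADER.pack(TYPE_IDS_EVENT, 52) + b"\x00" * 10)
    return summarize(io.BytesIO(data))
```

The truncated final record is skipped rather than raising, which is the case a reader hits when it opens a spool file Snort is still appending to.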



