[Snort-users] general questions

Mohammad MontazerI mohamad_montazery at ...131...
Fri Mar 29 14:56:07 EDT 2013


I want to use the data to find out the network traffic shape,
such as: who goes where, users' most visited websites and ...
For this purpose, how should I output the data?




________________________________
 From: Jeremy Hoel <jthoel at ...11827...>
To: Mohammad MontazerI <mohamad_montazery at ...131...> 
Cc: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net> 
Sent: Friday, March 29, 2013 10:52 PM
Subject: Re: [Snort-users] general questions
 
You need to look at the snort.conf in the output section and see how
snort outputs its data. It can output data in plain text, binary and
unified. You could use a SIEM tool to read the plain text, barnyard
for the unified, and there's a tool for the binary too.

You need to figure out how you want to use the data in order to
determine how to output it.


On Fri, Mar 29, 2013 at 4:59 PM, Mohammad MontazerI
<mohamad_montazery at ...131...> wrote:
>
> Which log files would you like to read?
> I thought there is just one log file!
>
> However, I used this command:
> ./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
>
> and it created two files:
> alert and a log file.
> I'm trying to read this log file.
>
> ________________________________
> From: Heine Lysemose <lysemose at ...11827...>
> To: Mohammad MontazerI <mohamad_montazery at ...131...>
> Cc: snort-users at lists.sourceforge.net
> Sent: Friday, March 29, 2013 8:19 PM
> Subject: Re: [Snort-users] general questions
>
> You can use pulledpork to manage your rules.
> Which log files would you like to read?
> /Lysemose
> On Mar 29, 2013 4:44 PM, "Mohammad MontazerI" <mohamad_montazery at ...8167....>
> wrote:
>
>
>
> ________________________________
>
> Hello dear all.
> I had a few questions, some of which have been answered but some have not.
>
> 1- Which rule manager is better and where can I download it?
> 2- Is there any software which I can use to read the log files? (something
> that gives more options)
>
> Thanks.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
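Added example, not part of the original thread: one way to get a "who goes where" summary out of Snort's plain-text output, as discussed in the reply above. It assumes alerts are written in the one-line fast format (`-A fast` on the command line, or `output alert_fast` in snort.conf) and that addresses are IPv4; the sample lines, rule messages and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Snort 2.x alert_fast layout (not data from the thread).
SAMPLE = """\
03/29-14:56:07.101010  [**] [1:1000001:1] Constructed web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:51234 -> 203.0.113.80:80
03/29-14:56:09.202020  [**] [1:1000001:1] Constructed web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:51240 -> 203.0.113.80:80
03/29-14:57:01.303030  [**] [1:1000002:1] Constructed TLS rule [**] [Priority: 2] {TCP} 192.168.1.22:40000 -> 198.51.100.7:443
03/29-14:57:30.404040  [**] [1:1000003:1] Constructed ping rule [**] [Priority: 3] {ICMP} 192.168.1.22 -> 192.168.1.1
this line was cut off mid-write
03/29-14:58:12.505050  [**] [1:1000004:1] Constructed DNS rule [**] [Priority: 3] {UDP} 192.168.1.10:5353 -> 198.51.100.7:53
"""

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    """Split 'ip:port' into (ip, port); ICMP alerts carry no port."""
    ip, sep, port = ep.rpartition(":")
    if sep and port.isdigit() and "." in ip:  # IPv4 address followed by a port
        return ip, int(port)
    return ep, None

def parse_fast(text):
    """Return (alerts, skipped): parsed alert dicts and a count of unparseable lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line.strip())
        if not m:
            skipped += 1  # keep count so truncated or foreign lines are not silently lost
            continue
        (src_ip, src_port), (dst_ip, dst_port) = map(split_endpoint, (m["src"], m["dst"]))
        alerts.append({"ts": m["ts"], "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
                       "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port})
    return alerts, skipped

def who_goes_where(alerts):
    """Count alerts per (source, destination, destination port, protocol)."""
    return Counter((a["src_ip"], a["dst_ip"], a["dst_port"], a["proto"]) for a in alerts)

def top_destinations(alerts):
    """Count alerts per destination address."""
    return Counter(a["dst_ip"] for a in alerts)

if __name__ == "__main__":
    alerts, skipped = parse_fast(SAMPLE)
    for (src, dst, port, proto), n in who_goes_where(alerts).most_common():
        print(f"{n:3d}  {src} -> {dst}:{port or '-'} ({proto})")
    print(f"skipped {skipped} unparseable line(s)")
```

The counts cover only traffic that matched a rule, since the alert file records alerts rather than every connection; the binary log file written alongside it holds the packets themselves and needs a packet-capture reader instead.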