[Snort-users] general questions

Mohammad MontazerI mohamad_montazery at ...131...
Fri Mar 29 15:40:32 EDT 2013


I know.
But Snort has a packet sniffer, so I can use it as an IDS and for network traffic shape, can't I?
If it's not for this kind of need, what is the log file used for?
Why does Snort even create a log file from network traffic?




________________________________
 From: Jeremy Hoel <jthoel at ...11827...>
To: Mohammad MontazerI <mohamad_montazery at ...131...> 
Cc: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net> 
Sent: Friday, March 29, 2013 11:36 PM
Subject: Re: [Snort-users] general questions
 
That's not the purpose of snort..

network traffic shape and flows is nflow/rflow/ntop/argus type tools.

to see what websites people are visiting.. try bro, httpry (httproxy)
and other such tools..

snort is not the tool for these needs.


On Fri, Mar 29, 2013 at 6:56 PM, Mohammad MontazerI
<mohamad_montazery at ...131...> wrote:
> I want to use the data to find out the network traffic shape.
> Such as: who goes where! Users' most visited websites and ...
> For this purpose, how should I output the data?
>
>
> ________________________________
> From: Jeremy Hoel <jthoel at ...11827...>
> To: Mohammad MontazerI <mohamad_montazery at ...131...>
> Cc: "snort-users at lists.sourceforge.net" <snort-users at ...3893...t>
> Sent: Friday, March 29, 2013 10:52 PM
>
> Subject: Re: [Snort-users] general questions
>
> You need to look at the snort.conf in the output section and see how
> snort outputs its data.. it can output data in plain text, binary and
> unified.  you could use a SIEM tool to read the plain text, barnyard
> for the unified and there's a tool for the binary too..
>
> you need to figure out how you want to use the data in order to
> determine how to output it.
>
>
> On Fri, Mar 29, 2013 at 4:59 PM, Mohammad MontazerI
> <mohamad_montazery at ...131...> wrote:
>>
>> Which log files would you like to read?
>> I thought there is just one log file!
>>
>> However, I used this command:
>> ./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
>>
>> and it created two files:
>> alert and a log file.
>> I'm trying to read this log file.
>>
>> ________________________________
>> From: Heine Lysemose <lysemose at ...11827...>
>> To: Mohammad MontazerI <mohamad_montazery at ...131...>
>> Cc: snort-users at lists.sourceforge.net
>> Sent: Friday, March 29, 2013 8:19 PM
>> Subject: Re: [Snort-users] general questions
>>
>> You can use pulledpork to manage your rules.
>> Which log files would you like to read?
>> /Lysemose
>> On Mar 29, 2013 4:44 PM, "Mohammad MontazerI"
>> <mohamad_montazery at ...131...>
>> wrote:
>>
>>
>>
>> ________________________________
>>
>> Hello dear all.
>> I had a few questions, some of which have been answered but some have
>> not.
>>
>> 1- Which rule manager is better and where can I download it?
>> 2- Is there any software which I can use to read the log files?
>> (something that gives more options)
>>
>> Thanks.
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Own the Future-Intel(R) Level Up Game Demo Contest 2013
>> Rise to greatness in Intel's independent game demo contest. Compete
>> for recognition, cash, and the chance to get your game on Steam.
>> $5K grand prize plus 10 genre and skill prizes. Submit your demo
>> by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
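Added example, not part of the original thread and not Snort's own code: a minimal reader for the binary log file discussed above, tallying IPv4 source/destination pairs. It assumes the file written under `./log` is in classic tcpdump/pcap format with Ethernet framing (the thread does not state the format); `top_talkers` and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def top_talkers(pcap_bytes):
    """Count IPv4 (src, dst) pairs in a classic libpcap capture."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # little-endian file
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # big-endian file
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    pairs, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, caplen, _ = struct.unpack(endian + "IIII",
                                        pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue          # truncated frame or not IPv4
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        pairs[(src, dst)] += 1
    return pairs.most_common()

def _sample_packet(src, dst):
    """Constructed test record: Ethernet + minimal IPv4 header, no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = eth + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture (not real traffic): global header + 3 packets
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _sample_packet("192.168.1.10", "203.0.113.5")
          + _sample_packet("192.168.1.10", "203.0.113.5")
          + _sample_packet("192.168.1.20", "198.51.100.7"))

if __name__ == "__main__":
    for (src, dst), count in top_talkers(SAMPLE):
        print(f"{src} -> {dst}: {count} packets")
```

To run it on a real capture, pass the file's bytes, e.g. `top_talkers(open(path, "rb").read())`; the result only covers packets Snort chose to log, not all traffic on the wire.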