[Snort-users] general questions

Jeremy Hoel jthoel at ...11827...
Fri Mar 29 15:47:30 EDT 2013


It's not going to write every packet to a file to view traffic flow.  It's an
IDS/IPS. That's what it does.  Everything else is an add-on or modification.

The log files it creates are for events that have been triggered by
rules/alerts.  So it's limited traffic in reference to a rule.
On Mar 29, 2013 1:44 PM, "Mohammad MontazerI" <mohamad_montazery at ...131...>
wrote:

> I know.
> But Snort has a packet sniffer, so I can use it as an IDS and for network
> traffic shape, can't I?
> If it's not for this kind of need, then what is the log file used for?
> Why does Snort even create a log file from network traffic?
>
>
>   ------------------------------
> *From:* Jeremy Hoel <jthoel at ...11827...>
> *To:* Mohammad MontazerI <mohamad_montazery at ...131...>
> *Cc:* "snort-users at lists.sourceforge.net" <
> snort-users at lists.sourceforge.net>
> *Sent:* Friday, March 29, 2013 11:36 PM
> *Subject:* Re: [Snort-users] general questions
>
> That's not the purpose of snort..
>
> network traffic shape and flows is nflow/rflow/ntop/argus type tools.
>
> to see what websites people are visiting.. try bro, httpry (httproxy)
> and other such tools..
>
> snort is not the tool for these needs.
>
>
> On Fri, Mar 29, 2013 at 6:56 PM, Mohammad MontazerI
> <mohamad_montazery at ...131...> wrote:
> > I want to use the data to find out the network traffic shape,
> > such as: who goes where, users' most-visited websites, and so on.
> > For this purpose, how should I output the data?
> >
> >
> > ________________________________
> > From: Jeremy Hoel <jthoel at ...11827...>
> > To: Mohammad MontazerI <mohamad_montazery at ...131...>
> > Cc: "snort-users at lists.sourceforge.net" <
> snort-users at lists.sourceforge.net>
> > Sent: Friday, March 29, 2013 10:52 PM
> >
> > Subject: Re: [Snort-users] general questions
> >
> > You need to look at the snort.conf in the output section and see how
> > snort outputs its data.. it can output data in plain text, binary and
> > unified.  You could use a SIEM tool to read the plain text, barnyard
> > for the unified and there's a tool for the binary too..
> >
> > you need to figure out how you want to use the data in order to
> > determine how to output it.
> >
> >
> > On Fri, Mar 29, 2013 at 4:59 PM, Mohammad MontazerI
> > <mohamad_montazery at ...131...> wrote:
> >>
> >> Which log files would you like read?
> >> I thought there is just one log file!
> >>
> >> However, I used this command:
> >> ./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
> >>
> >> and it created two files:
> >> alert and a log file.
> >> I'm trying to read this log file.
> >>
> >> ________________________________
> >> From: Heine Lysemose <lysemose at ...11827...>
> >> To: Mohammad MontazerI <mohamad_montazery at ...131...>
> >> Cc: snort-users at lists.sourceforge.net
> >> Sent: Friday, March 29, 2013 8:19 PM
> >> Subject: Re: [Snort-users] general questions
> >>
> >> You can use pulledpork to manage your rules.
> >> Which log files would you like read?
> >> /Lysemose
> >> On Mar 29, 2013 4:44 PM, "Mohammad MontazerI"
> >> <mohamad_montazery at ...131...>
> >> wrote:
> >>
> >>
> >>
> >> ________________________________
> >>
> >> Hello dear all.
> >> I had a few questions, some of which have been answered but some have
> >> not.
> >>
> >> 1- Which rule manager is better and where can I download it?
> >> 2- Is there any software which I can use to read the log files?
> >> (something that gives more options)
> >>
> >> Thanks.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Own the Future-Intel(R) Level Up Game Demo Contest 2013
> >> Rise to greatness in Intel's independent game demo contest. Compete
> >> for recognition, cash, and the chance to get your game on Steam.
> >> $5K grand prize plus 10 genre and skill prizes. Submit your demo
> >> by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >>
> >> Please visit http://blog.snort.org to stay current on all the latest
> Snort
> >> news!
> >
>
>
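
As an added example (not part of the original thread or of Snort itself): a small reader for the plain-text alert file, assuming Snort 2.x is writing it in the one-line `alert_fast` layout. It summarises which rules fired and from which sources, which also shows the point made above that the file holds only rule-triggered events, not all traffic. The sample lines, SIDs and messages are constructed.

```python
import re
from collections import Counter

# Layout of one line in Snort 2.x alert_fast output (assumed format).
ALERT_FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    """Split 'ip:port' into (ip, port); ICMP alerts carry no port."""
    ip, _, port = ep.partition(":")
    return (ip, int(port)) if port.isdigit() else (ep, None)

def parse_alerts(lines):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in lines:
        m = ALERT_FAST.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
        rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
        rec["prio"] = int(rec["prio"])
        yield rec

def summarize(lines):
    """Count alerts per rule (gid:sid plus message) and per source address."""
    by_rule, by_src = Counter(), Counter()
    for rec in parse_alerts(lines):
        by_rule[(f'{rec["gid"]}:{rec["sid"]}', rec["msg"])] += 1
        by_src[rec["src_ip"]] += 1
    return by_rule, by_src

# Constructed sample lines (not taken from the thread).
SAMPLE = """\
03/29-15:40:01.100000  [**] [1:1000001:1] LOCAL test web request [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:49152 -> 203.0.113.5:80
03/29-15:40:02.200000  [**] [1:1000001:1] LOCAL test web request [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.11:49153 -> 203.0.113.5:80
03/29-15:40:03.300000  [**] [1:1000002:2] LOCAL test ping [**] [Priority: 0] {ICMP} 192.168.1.10 -> 192.168.1.1
this line is not an alert and is skipped
""".splitlines()

if __name__ == "__main__":
    for (sid, msg), n in summarize(SAMPLE)[0].most_common():
        print(f"{n:4d}  {sid}  {msg}")
```
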