[Snort-users] general questions

Mohammad MontazerI mohamad_montazery at ...131...
Sat Mar 30 01:34:54 EDT 2013


Dear all, thank you so much.
As I found out, Snort log files are not suitable for traffic shaping, and they are used for tracking the alerts.


Here is just one more question:
I already installed Snort (with all rules).
Now can I use Oinkmaster to manage my rules?



________________________________
 
 
On 3/29/2013 14:40, Mohammad MontazerI wrote:
> I know.
> But Snort has a packet sniffer, so I can use it as an IDS and network traffic
> shaper, can't I?

no, you can't... why should snort be processing all that data when its purpose 
is penetration prevention?

> If it's not for this kind of need, then what is the log file used for?
> Why does Snort even create a log file from network traffic?

the pcaps are only of the network packets that *caused an alert*... nothing 
else... the pcaps are so you can perform diagnostics to confirm the alert is a 
true positive and so you can then follow up with security or preventative 
measures unless your system has already acted upon the alert and instituted some 
protective measures...