No subject


Thu Nov 23 16:36:19 EST 2017


Hello all!

I am a new user of Snort. I am presently evaluating the use of Snort to collect syslog. I didn't find any rules defined for that, but I have heard of people using it that way.

From what I understand, the syslog alert doesn't work on Windows; some bug was found. Right? For CSV, the plugin name is alert_CSV and not just CSV? But now, with the right command « output alert_CSV syslog.txt default », Snort seems to crash if the default keyword is there. I didn't find any people complaining about that. Did that happen to someone? Also, in CSV format, how can I get the payload of the packet in one CSV field?

Thanks

I am using Windows XP, WinPcap 2.3 and Snort 1.9.1

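A parser for the alert_csv output discussed in the message above, added here as an example; it is not code from the original post or from the Snort project. The field order it assumes is the alert_csv `default` format as documented for later Snort 2.x releases (the 1.9.1 Windows build in the question is not verified here; check the manual for the release you run), and the sample alert lines and the payload are constructed, not captured. It also addresses the "one CSV field" question at the format level: a payload that contains commas or line breaks survives as a single field only if whatever writes the file quotes it, and only if the reader honours that quoting.

```python
import csv
import io

# Assumption (not from the post): field order of the alert_csv `default`
# format as documented for later Snort 2.x releases. Verify against the
# manual for your release; the 1.9.1 Windows build is not checked here.
DEFAULT_FIELDS = [
    "timestamp", "sig_generator", "sig_id", "sig_rev", "msg", "proto",
    "src", "srcport", "dst", "dstport", "ethsrc", "ethdst", "ethlen",
    "tcpflags", "tcpseq", "tcpack", "tcplen", "tcpwindow", "ttl", "tos",
    "id", "dgmlen", "iplen", "icmptype", "icmpcode", "icmpid", "icmpseq",
]

# Constructed sample output, not captured from a sensor. The second record
# has a comma inside msg; it only parses correctly because it is quoted.
SAMPLE_ALERTS = (
    "01/15-10:23:45.123456 ,1,1000001,1,TEST telnet login,TCP,10.0.0.5,40001,"
    "10.0.0.9,23,00:11:22:33:44:55,66:77:88:99:AA:BB,0x3C,***AP***,0x1A2B3C4D,"
    "0x5E6F7081,0x20,0xFFFF,64,0x0,12345,60,20,,,,\n"
    '01/15-10:23:46.654321 ,1,1000002,2,"TEST icmp, oversized",ICMP,10.0.0.5,,'
    "10.0.0.9,,00:11:22:33:44:55,66:77:88:99:AA:BB,0x5DC,,,,,,64,0x0,12346,1500,"
    "20,8,0,0x1234,0x1\n"
)

# Constructed payload with a comma and CRLF line breaks: the two things that
# split a CSV record if the field is written unquoted.
SAMPLE_PAYLOAD = "GET /index.html HTTP/1.0\r\nHost: a,b\r\n\r\n"


def parse_alerts(text, fields=DEFAULT_FIELDS):
    """Return one dict per alert, keyed by field name.

    The csv module keeps a quoted field together even when it contains the
    delimiter or a newline. A row with the wrong column count is rejected
    instead of being silently mis-aligned with the field names.
    """
    records = []
    for row in csv.reader(io.StringIO(text, newline="")):
        if not row:
            continue
        if len(row) != len(fields):
            raise ValueError(
                "expected %d fields, got %d in %r" % (len(fields), len(row), row)
            )
        rec = dict(zip(fields, row))
        rec["timestamp"] = rec["timestamp"].strip()  # trailing blank in the sample
        records.append(rec)
    return records


def add_payload_column(records, payloads, fields=DEFAULT_FIELDS):
    """Re-emit alerts as CSV with one extra `payload` column appended.

    `payloads` maps sig_id to payload text (constructed here). csv.writer
    quotes any value containing the delimiter, the quote character, CR or LF,
    so the payload stays in exactly one field and round-trips through
    parse_alerts() when that function is given the extended field list.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for rec in records:
        row = [rec[name] for name in fields]
        row.append(payloads.get(rec["sig_id"], ""))
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for a in alerts:
        print(a["sig_id"], a["proto"], a["src"], "->", a["dst"], repr(a["msg"]))
    with_payload = add_payload_column(alerts, {"1000001": SAMPLE_PAYLOAD})
    back = parse_alerts(with_payload, DEFAULT_FIELDS + ["payload"])
    print("payload round-trips:", back[0]["payload"] == SAMPLE_PAYLOAD)
```

The strict column-count check is deliberate: an alert file whose producer did not quote a message or payload containing a comma shifts every later column by one, and a consumer that maps columns by position would then record, for example, the wrong destination port without any error. Failing loudly on such rows is safer than ingesting them.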




More information about the Snort-users mailing list