Re: I need some serious help

[Erek Adams <erek () theadamsfamily net>]

On Tue, 11 Jun 2002, Don wrote:

> I have some snort traffic that causes real problems with snort, and reading
> the logfile, it doesnt look good, it turns out that i cannot generate alert
> files from the tcpdump file, could someone with help me out directly here.

> From the mind of Douglas Adams:  "Don't Panic" and "Always know where your
towel is."  :)

You need to turn on binary logging.  You can do that in two ways:

  1)  Adding "-b" to the command line
  2)  Adding "output log_tcpdump: snort.log" into your snort.conf file.

Now you've got the packets, what do you want to do with them?  Read/replay
them at your leisure?

        snort -vader <logfile>

Will dump them out to your screen.  Pipe to pager program of your choice and
read from there.

Hope that helps!

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Multimillion Dollar Computer Inventory
Live Webcast Auctions Thru Aug. 2002 - http://www.cowanalexander.com/calendar



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users