Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Field in Snort log

From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 7 Nov 2002 14:33:28 -0800 (PST)
On Thu, 7 Nov 2002, Robert Birkely wrote:


I'm kinda new to IDS.
Could someone tell me which fields are logged in the Snort log?
Everything from date/time to destination/source ip-address, port and so
on. I've seen a log file from Snort, but not a explanation to what these
fields are.

I would really appreciate all answers here, or where I could find it.


Run, don't walk to your local computer bookstore or Amazon and have a look
at the books I've listed below.

The fields that are listed in the logs are all of the header info from the
ether frame.  Those header fields are explained quite well in the Stephens
book.

The Northcutt book will help you understand those things and more about
IDS's.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

        http://www.amazon.com/exec/obidos/ASIN/0201633469/
        http://www.amazon.com/exec/obidos/ASIN/0735712654/



-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: