Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: alert file

From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Wed, 23 Oct 2002 23:58:52 -0700
Ok, not to be harsh, but you SOUND really new.

1. Learn everything you can about snort, its functions, option and plugins
       - I recommend reading the Snort Users Manual[1]

2. Familarize yourself with TCP/IP
       - I recommend reading "TCP/IP Illustrated Vol 1" By R. Stevens
3. If snort gives you an alert, it also gives you a "reference", go read about that specific attack. 

4. Use google. (this is your best friend).
And to your question, access_log is pertaining to apache. I suggest also reading about what your using. Looks to me 
your just running default installs of things.
I see you mentioned debian, im almost positive you used its package system. Try grabbing the lastest stable[2] or grabbing it via snapshots/ directory. Rolling Your Own is the best method for a new snort user. 

And read my signature(below) and apply that to _EVERYTHING_ ;-)

[1]    http://www.snort.org/docs/writing_rules (html)
http://www.snort.org/docs/SnortUsersManual.pdf (pdf) [2] http://www.snort.org/dl/snort-1.9.0.tar.gz 

Hope it helps

   - Albert

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: