Solved

Snort alerts... how do I view?

Posted on 2014-02-14
Last Modified: 2014-02-24
Hi, I have a Snort version up and running; however, how do I review the alert file that is generated?
Question by:NYGiantsFan
LVL 14

Expert Comment

by:comfortjeanius
ID: 39859803
According to this link, "How to view snort log files":

From the terminal, like snort -r xx.log.xxx$, or if you have barnyard2 installed then you can use that...

Plus, with barnyard2 you can log the output to a comma-separated file; see "Snort Cookbook/Logging, Alerts, and Output Plug-ins" and scroll down to "Logging to CSV file".

Author Comment

by:NYGiantsFan
ID: 39870720
This is the problem: I am not running Snort; however, I am getting that format (running Suricata).

As for Barnyard, it bombed during the installation onto my Linux flavor.

Doesn't some type of application or log viewer exist for this? Thanks.
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 500 total points
ID: 39870896
You can use Wireshark, tcpdump, SnortALog


Or you can use the -r switch:
snort -dve -r ./snortlogs/snort.log.8732687341

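The tools named in the accepted answer (Wireshark, tcpdump, snort -r) all read tcpdump (pcap) format captures. The following is an added example, not code from this thread, that reads such a file directly for cases where none of those tools is installed on the sensor. It assumes the log is a pcap file with Ethernet framing; the function names and the one-packet sample are constructed for illustration.

```python
import io
import socket
import struct
from datetime import datetime, timezone

# magic bytes -> (struct byte order, sub-second divisor)
MAGIC = {b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
         b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9)}
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def read_pcap(stream):
    """Yield (UTC timestamp, summary) per packet of a libpcap-format stream."""
    fmt = MAGIC.get(stream.read(4))
    if fmt is None:
        raise ValueError("not pcap; unified2 or text alert logs need another reader")
    endian, scale = fmt
    # Remaining global header: version, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "HHiIII", stream.read(20))[5]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is decoded here")
    while len(hdr := stream.read(16)) == 16:
        sec, frac, caplen, _ = struct.unpack(endian + "IIII", hdr)
        frame = stream.read(caplen)
        if len(frame) < caplen:
            break  # truncated final record, e.g. sensor still writing
        ts = datetime.fromtimestamp(sec + frac / scale, timezone.utc)
        yield ts, summarize(frame)

def summarize(frame):
    """Decode Ethernet + IPv4 and TCP/UDP ports into a one-line summary."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame, %d bytes" % len(frame)
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        src, dst = "%s:%d" % (src, sport), "%s:%d" % (dst, dport)
    return "%s %s -> %s" % (PROTO.get(proto, str(proto)), src, dst)

def constructed_sample():
    """Constructed one-packet capture: TCP SYN 10.0.0.5:40000 -> 10.0.0.9:80."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1392336000, 0, len(frame), len(frame))
    return io.BytesIO(glob + rec + frame)
```

To read a real log, pass a file opened in binary mode to read_pcap; a ValueError on the first packet means the file is not pcap and needs a different reader.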

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now