Solved

Snort alerts... how do I view?

Posted on 2014-02-14
Last Modified: 2014-02-24
Hi, I have a Snort version up and running; however, how do I review the alert file that is generated?
Question by:NYGiantsFan
3 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39859803
According to this link, "How to view snort log files"

From the terminal like snort -r xx.log.xxx$ or if you have barnyard2 installed then you can use that...

Plus with barnyard2 you can log the output to a comma-separated file; "Snort Cookbook/Logging, Alerts, and Output Plug-ins" scroll down to "Logging to CSV file"
 

Author Comment

by:NYGiantsFan
ID: 39870720
This is the problem, I am not running Snort, however I am getting that format (running Suricata)

As for Barnyard, it bombed during the installation onto my Linux flavor.

Doesn't some type of application or log view exist for this?  Thanks.
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 500 total points
ID: 39870896
You can use Wireshark, tcpdump, SnortALog


Or you can use the -r switch
snort -dve -r ./snortlogs/snort.log.8732687341
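
Added example (not part of the original answer): a small Python reader for the case where none of those tools is installed. It assumes the snort.log.* file is in tcpdump (libpcap) format with Ethernet framing, which is what Wireshark and tcpdump read; the function names and the embedded one-packet sample are constructed for illustration.

```python
import io
import socket
import struct
import sys
from datetime import datetime, timezone

PCAP_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}  # magic read as LE -> byte order

def read_pcap(stream):
    """Yield (utc_time, src_ip, dst_ip, ip_proto, wire_len) per IPv4 packet."""
    header = stream.read(24)
    magic = struct.unpack("<I", header[:4])[0] if len(header) == 24 else None
    if magic not in PCAP_MAGICS:
        raise ValueError("not a microsecond pcap file (unified2 or pcapng?)")
    order = PCAP_MAGICS[magic]
    if struct.unpack(order + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # clean end of file
        sec, _usec, caplen, wirelen = struct.unpack(order + "IIII", rec)
        frame = stream.read(caplen)
        if len(frame) < caplen:
            return  # truncated final record, e.g. sensor still writing
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (ARP, IPv6, VLAN-tagged): skipped
        ip = frame[14:34]
        when = datetime.fromtimestamp(sec, timezone.utc).isoformat()
        yield (when, socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]), ip[9], wirelen)

def summarize(data):
    return list(read_pcap(io.BytesIO(data)))

def sample_log():
    """Constructed one-packet log: 192.0.2.10 -> 198.51.100.5, TCP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 20
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1392336000, 0, len(frame), len(frame))
    return glob + rec + frame

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_log()
    for row in summarize(data):
        print(*row)
```

A ValueError on the first check means the file is not classic pcap, in which case a unified2 reader such as barnyard2 is the tool to reach for.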
