Solved

Snort alerts... how do I view?

Posted on 2014-02-14
Last Modified: 2014-02-24
Hi, I have a Snort version up and running; however, how do I review the alert file that is generated?
Question by:NYGiantsFan

Expert Comment

by:comfortjeanius
ID: 39859803
According to this link, "How to view snort log files":

From the terminal like snort -r xx.log.xxx$ or if you have barnyard2 installed then you can use that...

Plus with barnyard2 you can log the output to a comma-separated file; "Snort Cookbook/Logging, Alerts, and Output Plug-ins" scroll down to "Logging to CSV file"

Author Comment

by:NYGiantsFan
ID: 39870720
This is the problem: I am not running Snort, however I am getting that format (running Suricata).

As for Barnyard, it bombed during the installation onto my Linux flavor.

Doesn't some type of application or log view exist for this?  Thanks.

Accepted Solution

by:
comfortjeanius earned 2000 total points
ID: 39870896
You can use Wireshark, tcpdump, SnortALog


Or you can use the -r switch
snort -dve -r ./snortlogs/snort.log.8732687341
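
Why Wireshark and tcpdump can open these files, as an added example that is not part of the original answers: it assumes the snort.log.<timestamp> file is in tcpdump (pcap) format, which is what Snort writes in binary logging mode. The function names and the sample packet (documentation addresses, constructed timestamp) are made up for illustration.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP SYN in classic pcap format."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 44321, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
    pkt = eth + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rhdr = struct.pack("<IIII", 1392336000, 0, len(pkt), len(pkt))    # ts, usec, caplen, len
    return ghdr + rhdr + pkt

def summarize(frame, linktype):
    """One-line summary of an Ethernet/IPv4 frame; other traffic is only sized."""
    if linktype != 1 or len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame, %d bytes" % len(frame)
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    ports = frame[14 + ihl:14 + ihl + 4]
    if proto in (6, 17) and len(ports) == 4:
        sport, dport = struct.unpack("!HH", ports)
        return "%s %s:%d -> %s:%d" % ({6: "TCP", 17: "UDP"}[proto], src, sport, dst, dport)
    return "IP proto %d %s -> %s" % (proto, src, dst)

def read_pcap(data):
    """Yield (epoch_seconds, summary) for every record in a classic pcap byte string."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                             # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                             # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (unified2 or pcapng?)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24                                  # records start after the 24-byte global header
    while off + 16 <= len(data):
        ts, _usec, caplen, _origlen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break                             # truncated last record, stop cleanly
        off += 16 + caplen
        yield ts, summarize(frame, linktype)

if __name__ == "__main__":
    # Replace build_sample_pcap() with open(path, "rb").read() for a real log file.
    for ts, line in read_pcap(build_sample_pcap()):
        print(ts, line)
```
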
