Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Snort alerts... how do I view?

Posted on 2014-02-14
3
Medium Priority
?
3,141 Views
Last Modified: 2014-02-24
Hi I have a snort version up and running, however how do I review the alert file that is generated?
0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39859803
According to this link, ""How to view snort log files"

From the terminal like snort -r xx.log.xxx$ or if you have barnyard2 install then you can use that...

Plus with barnyard2 you can log the output to a comma-separated file; "Snort Cookbook/Logging, Alerts, and Output Plug-ins" scroll down to "Logging to CSV file"
0
 

Author Comment

by:NYGiantsFan
ID: 39870720
This is the problem, I am not running snort, however am getting that format (running Sucatia)

As for Barnyard, it bombed during the installation onto my Linux flavor.

Doesn't some type of application or log view exist for this?  Thanks.
0
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 2000 total points
ID: 39870896
You can use Wireshark, tcpdump, SnortALog


Or you can use the -r switch
snort -dve -r ./snortlogs/snort.log.8732687341

Open in new window

0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question