2,306
edits
Changes
Jump to navigation
Jump to search
Line 32:
Line 32: + + + + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
==== Snort rules ====
==== Snort rules ====
https://www.youtube.com/watch?v=RUmYojxy3Xw
https://www.youtube.com/watch?v=RUmYojxy3Xw
==== output plugins examples ====
<nowiki>
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: tcpdump.log
output database: log, mysql, user=root password=test dbname=db
host=localhost
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
output alert_fast /var/log/snort/fast_alert
output log_dump /var/log/snort/dump_output
output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,
sport,dstip,dport,protoname,itype,icode
output alert_syslog
output log_pcap /var/log/snort/pcap_log
# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=db
# host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test<nowiki>