preprocessor arpspoof_detect_host: 192.168.1.13 \
   34:45:fd:3e:a2:01
If in any ARP packet these two addresses don't match, an alert will be generated.
You can use multiple lines in the configuration file to create many similar pairs.
4.2 Output Modules
Output modules are used to control the output from the Snort detection engine. By default,
the output from alerts and logs goes into files in the /var/log/snort directory. Using
output modules, you can process output and send output messages to a number of other
destinations. Commonly used output modules are:
  • The database module is used to store Snort output data in databases.
  • The SNMP module can be used to send Snort alerts in the form of traps to a management server.
  • The SMB alerts module can send alerts to Microsoft Windows machines in the form of pop-up SMB alert windows.
  • The syslog module logs messages to the syslog utility. Using this module you can log messages to a centralized logging server.
  • You can also use XML or CSV modules to save data in XML or comma-separated files. The CSV files can then be imported into databases or spreadsheet software for further processing or analysis.
Output modules can be defined in the Snort configuration file, and some of them
can also be configured on the command line. The general format for defining
an output module inside the configuration file is as follows:
output <module_name>[: <arguments>]
For example, if you want to log messages to a MySQL database called "snort" using
database user name "rr" and password "rr", located on the same machine where Snort is
running, you use the following line in the snort.conf file:
output database: log, mysql, user=rr password=rr \
   dbname=snort host=localhost
However, when you use an output module in the configuration file, alerts will not
go into the alert file. Once you place this line in the snort.conf file, all alerts will go
into the MySQL database. There are ways to send alerts to multiple destinations.
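The following is an added example, not code from the book or from Snort: a small Python reviewer's script that reads snort.conf text, joins backslash-continued lines, extracts every output directive in the format shown above, and reports settings worth a second look. The function names and the wording of the findings are assumptions made for this illustration, and the sample configuration is constructed from the lines on this page.

```python
import re

# Constructed sample in the snort.conf syntax shown above (not a real deployment).
SAMPLE_CONF = """\
# constructed example
preprocessor arpspoof_detect_host: 192.168.1.13 \\
   34:45:fd:3e:a2:01
output database: log, mysql, user=rr password=rr \\
   dbname=snort host=localhost
"""

def logical_lines(text):
    """Join lines ending in a backslash, drop blank lines and comments."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_outputs(text):
    """Return (module, argument string) for every 'output' directive."""
    outputs = []
    for line in logical_lines(text):
        m = re.match(r"output\s+(\w+)\s*(?::\s*(.*))?$", line)
        if m:
            outputs.append((m.group(1), " ".join((m.group(2) or "").split())))
    return outputs

def audit_outputs(text):
    """Flag output settings that a reviewer should look at (hypothetical checks)."""
    findings = []
    outputs = parse_outputs(text)
    if outputs:
        # Behaviour stated on this page: an output line replaces the alert file.
        findings.append("alert file not written; check where alerts go")
    for module, args in outputs:
        if module != "database":
            continue
        opts = dict(re.findall(r"(\w+)=(\S+)", args))
        if "password" in opts:
            findings.append("database password stored in clear text in the config")
            if opts["password"] == opts.get("user"):
                findings.append("database password equals the user name")
    return findings

if __name__ == "__main__":
    for module, args in parse_outputs(SAMPLE_CONF):
        print(module, "->", args)
    for finding in audit_outputs(SAMPLE_CONF):
        print("FINDING:", finding)
```

Because the database password sits in snort.conf as plain text, the file should be readable only by the account that runs Snort.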





