Output Modules
145
Some typical names of files created by using this line in snort.conf file in Snort 1.9
are: 
snort_tcpdump.log.1039971287
snort_tcpdump.log.1039971389
If you use the file command to determine the type of the files created by Snort, an
output like the following will be displayed.
[root@conformix]# file /var/log/snort/
snort_tcpdump.log.1039971287 
/var/log/snort/snort_tcpdump.log.1039971287: tcpdump capture 
file (little endian)   version 2.4 (Ethernet, capture length 
1514)
[root@conformix]#
This output shows that this file is in rcpdump format. Now you can display the
contents of this file (the captured data) using the tcpdump command as follows:
[root@conformix]# tcpdump  v  r  /var/log/snort/
snort_tcpdump.log.1039971287 
11:55:03.163301 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 269 (ttl 150, id 0, len 297)
11:55:03.166078 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 325 (ttl 150, id 1, len 353)
11:55:03.168592 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 253 (ttl 150, id 2, len 281)
11:55:03.170912 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 245 (ttl 150, id 3, len 273)
11:55:03.173415 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 289 (ttl 150, id 4, len 317)
11:55:03.175796 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 265 (ttl 150, id 5, len 293)
11:55:03.178429 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 319 (ttl 150, id 6, len 347)
11:55:03.181288 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 317 (ttl 150, id 7, len 345)
11:55:03.183845 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 321 (ttl 150, id 8, len 349)
11:55:03.186581 192.168.1.1.1901 > 239.255.255.250.1900:  [udp sum ok] 
udp 313 (ttl 150, id 9, len 341)
[root@conformix]#
This is especially useful if you want to create log files in binary format and then
use tcpdump to analyze the log files later.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved