Sto cercando un supporto per l'uso di Snort in Windows 7. La mia esperienza fino ad ora sta usando WireShark, quindi questa è una nuova area per me.
Vorrei usare Snort per eseguire una traccia che, una volta terminata, scriverà l'output in un file di log che posso quindi analizzare.
Posso eseguire una traccia usando:
snort.exe -i 3 -vd
Ma non riesco a capire per registrare questa uscita. Qualsiasi aiuto sarebbe apprezzato.
Ecco un estratto da Snort Cookbook . Dovresti essere in grado di trovare ciò che stai cercando lì dentro.
Logging to a Specific File
Problem
You want to log your output to a specific file and location.
Solution
Use the
-L ttfilename/ttoption to log to a specific file:[testuser@localhost snort]# snort -L test1You can also specify a location by using the
-l ttdirectory/ttcommand-line option:[testuser@localhost snort]# snort -l /snort/log -L test2Discussion
Logging traffic in binary mode is far less resource intensive than in other modes. Binary files can then be reviewed later using Snort, TCPDump, Ethereal, or other binary log-compatible programs.
You can log to a specific file by specifying the
-L ttfilename/ttcommand-line option. This logs the network traffic to a binary file. The following command logs all traffic to the file called test1 in the default Snort log directory:[testuser@localhost snort]# snort -L test1This command creates a file called
test1.1084554709in the/var/log/snort directory. You can also specify a location by using the-l ttdirectory/ttcommand-line option:[testuser@localhost snort]# snort -l /snort/log -L test2This command creates a file called
test1.1084554711in the/snort/logdirectory.