SNORT: How to read the snort.log file

Onnowpurbo (talk | contribs)
When processing capture files, Snort can be used in any of its three modes: sniffer, packet logger, and NIDS. The first example displays the logfile packets on the screen. You can also choose to log them to ASCII files or run the file through the rules engine. You can also use the command-line filters to look for certain packets as you process the logfile, such as TCP packets.




Line 27: Line 25:


* https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html
* https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html
==Pranala Menarik==
* [[Snort]]

Latest revision as of 03:04, 5 December 2018

Source: https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html


Use the -r <filename> option to read a binary capture file in libpcap format:

  snort -dv -r /var/log/snort/snort.log.1085148255

If we want to read the binary file snort.log.1085148255 and save all of the traffic in ASCII format to a directory (the argument to -l is a logging directory, not a single file):

  snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt

The following reads the binary file snort.log.1085148255 and processes the traffic according to the parameters in snort.conf:

  snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf

The following reads the binary file snort.log.1085148255 and displays only TCP traffic on the screen:

  snort -dv -r /var/log/snort/snort.log.1085148255 tcp
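The snort.log.<timestamp> file that the commands above read is a plain libpcap capture, so it helps to see what Snort is actually parsing when it is given -r, and what the trailing "tcp" filter selects. The following is an added example, not code from the page or from the Snort project: it builds a small constructed capture in memory (one TCP and one UDP packet over Ethernet/IPv4, with the page's 1085148255 timestamp reused as the packet time), parses the libpcap global header and packet records, decodes the IPv4 addresses, protocol and ports, and optionally keeps only one protocol, the way the "tcp" filter does. It also stops with an error on a truncated record, which is the usual failure mode for a log that was still being written when it was copied. All names and the sample bytes are this example's own.

```python
import struct

# Constructed sample values (not from a real Snort log).
PCAP_MAGIC_LE = 0xA1B2C3D4          # value seen when a little-endian file is read as "<I"
PCAP_MAGIC_BE = 0xD4C3B2A1          # value seen when a big-endian file is read as "<I"
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_packet(proto, payload=b""):
    """Build an Ethernet/IPv4 frame carrying a minimal TCP or UDP header (sample data)."""
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    if proto == IPPROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        # sport, dport, length (header + payload), checksum
        l4 = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 1]))
    return eth + ip + l4 + payload


def build_pcap(packets, first_ts=1085148255):
    """Write a little-endian libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", first_ts + i, 0, len(pkt), len(pkt)) + pkt
    return out


def read_pcap(data):
    """Yield (ts_sec, ts_usec, packet_bytes) for every record; raise on a damaged file."""
    if len(data) < 24:
        raise ValueError("file shorter than the libpcap global header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (bad magic)")
    _, _, _, _, _, _, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        pkt = data[offset:offset + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated record at offset %d" % offset)
        offset += incl_len
        yield ts_sec, ts_usec, pkt


def decode_ipv4(pkt):
    """Return protocol, addresses and ports for an Ethernet/IPv4 TCP or UDP frame, else None."""
    if len(pkt) < 34:
        return None
    ethertype, = struct.unpack_from("!H", pkt, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ihl = (pkt[14] & 0x0F) * 4
    proto = pkt[23]
    l4 = 14 + ihl
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(pkt) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", pkt, l4)
    src = ".".join(str(b) for b in pkt[26:30])
    dst = ".".join(str(b) for b in pkt[30:34])
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


def summarize(data, proto=None):
    """One tuple per decodable packet; proto=IPPROTO_TCP mimics the 'tcp' filter on the page."""
    rows = []
    for ts_sec, _ts_usec, pkt in read_pcap(data):
        d = decode_ipv4(pkt)
        if d is None or (proto is not None and d["proto"] != proto):
            continue
        rows.append((ts_sec, d["src"], d["sport"], d["dst"], d["dport"], d["proto"]))
    return rows


# Constructed stand-in for /var/log/snort/snort.log.1085148255.
SAMPLE_LOG = build_pcap([build_packet(IPPROTO_TCP), build_packet(IPPROTO_UDP, b"\x00" * 12)])

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, proto=IPPROTO_TCP):
        print("%d %s:%d -> %s:%d proto=%d" % row)
```

The numeric suffix Snort puts on these files is the Unix time at which the log was opened, so the row printed above carries the same 1085148255 as the page's filename. Run it with no arguments to see the TCP-only view; pass proto=None to summarize() to see every packet, which is what the first command on the page does.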



References

* https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html

Interesting links

* [[Snort]]