|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Thu Oct 24 2002 - 01:58:52 CDT
Ok, not to be harsh, but you SOUND really new.
1. Learn everything you can about snort, its functions, option and plugins
- I recommend reading the Snort Users Manual[1]
2. Familarize yourself with TCP/IP
- I recommend reading "TCP/IP Illustrated Vol 1" By R. Stevens
3. If snort gives you an alert, it also gives you a "reference", go read
about that specific attack.
4. Use google. (this is your best friend).
And to your question, access_log is pertaining to apache. I suggest also
reading about what your using. Looks to me
your just running default installs of things.
I see you mentioned debian, im almost positive you used its package
system. Try grabbing the lastest stable[2]
or grabbing it via snapshots/ directory. Rolling Your Own is the best
method for a new snort user.
And read my signature(below) and apply that to _EVERYTHING_ ;-)
[1] http://www.snort.org/docs/writing_rules (html)
http://www.snort.org/docs/SnortUsersManual.pdf (pdf)
[2] http://www.snort.org/dl/snort-1.9.0.tar.gz
Hope it helps
- Albert
-- The secret to success is to start from scratch and keep on scratching.------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en
_______________________________________________ Snort-users mailing list Snort-users
lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]