Snort to log ALL packets, and print them to the console?!?
I'm trying to get Snort to log ALL the packets that pass over my network at one point or another, and then also print them to the screen. I can't seem to figure out how to do this. I've tried the man pages, and even the README. Stupid noob.
Hmm. I'd suggest you log them to file and tail it from there, because if you only print them on screen you won't have logs for looking at it later. Logfile location is set at compile time, then "tail -vf </location/logfilename> >> /dev/tty#" where # is the tty number you want it to appear at.
Logging *everything* in and having to decode it and save it in human readable text format makes snort slower. So you'll have to scrub the conf file for rulesets you don't use, or try unified logging format and run barnyard as a decoder.
Ok... Well... I have Snort installed already. Now I need to know how to get the two programs running together. I assume that barnyard runs off Snort's output plugins, but how do I tailor them to fit Snort? And I don't even know if I have Snort set up correctly. When I turn it on, all I get are some tcpdump messages (few) and the rest I get are ARP requests.
Could you rephrase your questions clearly, state what you've done, what won't work and show some error (logs) for it?
I mean "when I turn it on" usually refers to you coercing the application to do something by chanting some commandline arguments, "tailor them to fit snort" could well mean you would like to recode the snort output plugins to your liking, and assuming, well, you know what they say :-]
snort -dev -l /where/to/log
You might also want the -i flag to specify an interface (eth0, eth1, ppp0, etc.), and -c to specify the config file for Snort is also a good option if you want to use a custom configuration file plus rules, rules, and the latest rules. The documentation at the Snort home website is superior IMHO.
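Putting the two answers together (log to a directory with `-l` so the packets are kept, and let `-dev` print them to the console), here is a small wrapper that checks the log directory and optional config file before starting Snort. This is an added example, not code posted in the thread; it assumes a Snort 2-style `snort` binary on PATH and the flags named above.

```shell
#!/bin/sh
# Added example (not from the thread): validate the inputs and build the
# packet-logger command line "snort -dev -l LOGDIR -i IFACE [-c CONF]".
# -dev prints decoded packets to the console, -l keeps a copy under LOGDIR.

# build_snort_cmd IFACE LOGDIR [CONF]
# Prints the command that would be run. Creates LOGDIR if needed and fails
# if LOGDIR is not writable or CONF is not readable (paths without spaces assumed).
build_snort_cmd() {
    iface="$1"; logdir="$2"; conf="$3"
    [ -n "$iface" ] && [ -n "$logdir" ] || {
        echo "usage: build_snort_cmd IFACE LOGDIR [CONF]" >&2; return 2; }
    mkdir -p "$logdir" || return 1
    [ -w "$logdir" ] || { echo "log directory not writable: $logdir" >&2; return 1; }
    cmd="snort -dev -l $logdir -i $iface"
    if [ -n "$conf" ]; then
        [ -r "$conf" ] || { echo "config not readable: $conf" >&2; return 1; }
        cmd="$cmd -c $conf"
    fi
    printf '%s\n' "$cmd"
}

# watch_snort IFACE LOGDIR [CONF]
# Starts Snort (packet capture needs root) in the foreground; packets scroll
# on the console while the on-disk copy under LOGDIR stays for later review.
watch_snort() {
    cmd=$(build_snort_cmd "$@") || return $?
    echo "running: $cmd (Ctrl-C to stop)" >&2
    # shellcheck disable=SC2086 -- deliberate word splitting of the built command
    exec $cmd
}

# Example invocation (hypothetical interface and paths):
#   watch_snort eth0 /var/log/snort /etc/snort/snort.conf
```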