Difference between revisions of "SNORT: Cara membaca snort.log file"

From OnnoWiki
Jump to navigation Jump to search
Line 3: Line 3:
  
 
Gunakan opsi -r <filename> untuk membaca capture file binary dari libpcap format,
 
Gunakan opsi -r <filename> untuk membaca capture file binary dari libpcap format,
 
  
 
  snort -dv -r /var/log/snort/snort.log.1085148255
 
  snort -dv -r /var/log/snort/snort.log.1085148255

Revision as of 03:21, 16 March 2017

Sumber: https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html


Gunakan opsi -r <filename> untuk membaca capture file binary dari libpcap format,

snort -dv -r /var/log/snort/snort.log.1085148255

Jika kita ingin menbaca binary file snort.log.1085148255 dan menyimpan semua taffic dalam bentuk format ASCII di directory,

snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt

berikut adalah membaca binary file snort.log.108514825 dan memproses traffic sesuai dengan parameter snort.conf,

snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf

berikut adalah membaca binary file snort.log.1085148255 dan menayangkan hanya traffic TCP ke layar:

snort -dv -r /var/log/snort/snort.log.1085148255 tcp

When processing capture files, Snort can be used in any of its three modes; sniffer, packet logger, and NIDS. The first example displays the logfile packets to the screen. You can also choose to log them to ASCII files or run the file through the rules engine. You can also use the command-line filters to look for certain packets as you process the logfile, such as TCP packets.



Referensi