Difference between revisions of "SNORT: Cara membaca snort.log file"
Onnowpurbo (talk | contribs) (Created page with "Sumber: https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html 1.19. Reading a Saved Capture File Problem You have a binary capture file that...") |
Onnowpurbo (talk | contribs) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
− | + | Gunakan opsi -r <filename> untuk membaca capture file binary dari libpcap format, | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
snort -dv -r /var/log/snort/snort.log.1085148255 | snort -dv -r /var/log/snort/snort.log.1085148255 | ||
− | + | Jika kita ingin menbaca binary file snort.log.1085148255 dan menyimpan semua taffic dalam bentuk format ASCII di directory, | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt | snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt | ||
− | + | berikut adalah membaca binary file snort.log.108514825 dan memproses traffic sesuai dengan parameter snort.conf, | |
snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf | snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf | ||
− | + | berikut adalah membaca binary file snort.log.1085148255 dan menayangkan hanya traffic TCP ke layar: | |
snort -dv -r /var/log/snort/snort.log.1085148255 tcp | snort -dv -r /var/log/snort/snort.log.1085148255 tcp | ||
− | |||
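Review bot: The added sentence that introduces the `-c /etc/snort/snort.conf` command names the file `snort.log.108514825`, one digit short of the `snort.log.1085148255` used in every command in this hunk; correct the file name. The added ASCII-logging sentence also says the traffic is saved in a directory while the command beneath it passes `-l ~/log.txt`; since `-l` sets the log directory, either name a directory there or explain the `.txt` path.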
Line 38: | Line 25: | ||
* https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html | * https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html | ||
+ | |||
+ | |||
+ | ==Pranala Menarik== | ||
+ | |||
+ | * [[Snort]] |
Latest revision as of 10:04, 5 December 2018
Source: https://www.safaribooksonline.com/library/view/snort-cookbook/0596007914/ch01s20.html
Use the -r <filename> option to read a binary capture file in libpcap format:
snort -dv -r /var/log/snort/snort.log.1085148255
To read the binary file snort.log.1085148255 and save all of the traffic in ASCII format to a directory:
snort -r /var/log/snort/snort.log.1085148255 -l ~/log.txt
The following reads the binary file snort.log.1085148255 and processes the traffic according to the settings in snort.conf:
snort -r /var/log/snort/snort.log.1085148255 -l ~/log -c /etc/snort/snort.conf
The following reads the binary file snort.log.1085148255 and displays only the TCP traffic on the screen:
snort -dv -r /var/log/snort/snort.log.1085148255 tcp
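To show what the libpcap-format file passed to -r contains, here is an added Python example (not from the original page or from Snort itself) that validates the global header, walks the packet records, and keeps only IPv4 TCP frames, similar in spirit to the `tcp` filter above. The sample capture, its addresses and all function names are constructed for illustration; only Ethernet captures are handled.

```python
import struct

# First 4 bytes read as little-endian uint32 -> byte order of the rest of the file.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
          0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond timestamps

def read_pcap(data):
    """Return (linktype, [(ts_sec, frame_bytes), ...]) from raw libpcap bytes."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("bad magic: not a libpcap capture")
    bo = MAGICS[magic]
    _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(bo + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(bo + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):  # truncated final record: keep only whole packets
            break
        records.append((ts_sec, data[off:off + incl_len]))
        off += incl_len
    return linktype, records

def is_ipv4_tcp(frame):
    """Ethernet II frame with EtherType 0x0800 and IPv4 protocol field 6 (TCP)."""
    return len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[23] == 6

def tcp_frames(data):
    linktype, records = read_pcap(data)
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET; other link layers are out of scope here
        raise ValueError("this example only decodes Ethernet captures")
    return [(ts, f) for ts, f in records if is_ipv4_tcp(f)]

def build_sample():
    """Constructed capture: one TCP and one UDP frame between documentation addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, proto in ((1085148255, 6), (1085148256, 17)):
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(len(tcp_frames(build_sample())), "TCP frame(s) in the constructed sample")
```

To check a real capture before handing it to snort -r, pass the bytes of the file to `tcp_frames`; a `ValueError` means the file is not a libpcap capture or is not Ethernet.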
References