Snort Alert Modes
2.8.4 No Alert Mode
You can also completely disable Snort alerts using the -A none command line
option. This option is very useful for high speed intrusion detection using unified
logging. You can disable normal logging using this option while using the unified option.
The unified output plug-in is discussed in Chapter 4.
2.8.5 Sending Alerts to Syslog
Snort can also send alerts to the Syslog daemon. Syslog is a system
logger daemon and it generates log files for system events. It reads its configuration file
/etc/syslog.conf, where the location of these log files is configured. The usual
location of syslog files is the /var/log directory. On Linux systems, /var/log/messages
is usually the main logging file. For more information, use the man syslog
command. The man syslog.conf command shows the format of the
syslog.conf file.
Depending on the configuration of Syslog in the /etc/syslog.conf file,
the alerts can be saved into a particular file. The following command enables Snort to
log to the Syslog daemon:
/opt/snort/bin/snort -c /opt/snort/etc/snort.conf -s
Using the default configuration on my RedHat 7.1 computer, the messages are
logged to the /var/log/messages file. When you cause an alert message by sending
the special ICMP packet with TTL=100, the following line will be logged to the
/var/log/messages file.
May 28 22:21:02 snort snort[1750]: [1:0:0] Ping with TTL=100 {ICMP} 192.168.1.100 -> 192.168.1.3
Using the Syslog facility will be discussed in Chapter 4 later on in this book. You will
also learn how to enable logging to Syslog using the output plug-in.
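As an added example (not code from the book), the following Python parses alert lines in the format of the sample above and counts them per source address and message, skipping unrelated Syslog entries. The field layout is inferred from the sample line; the optional :port suffix for TCP/UDP alerts and every log line after the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout taken from the sample line on this page:
#   Mon DD HH:MM:SS host snort[pid]: [gid:sid:rev] message {PROTO} src -> dst
# Assumption: TCP/UDP alerts carry ":port" after each address (the ICMP sample has none).
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"snort\[(?P<pid>\d+)\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?)\s*\{(?P<proto>[^}]+)\} "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.match(line)
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("pid", "gid", "sid", "rev", "sport", "dport"):
        if alert[key] is not None:
            alert[key] = int(alert[key])
    return alert

def count_by_source(lines):
    """Count alerts per (source address, message), skipping unrelated syslog entries."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[(alert["src"], alert["msg"])] += 1
    return counts

# First line is the page's sample; the rest are constructed for illustration.
SAMPLE_LOG = [
    "May 28 22:21:02 snort snort[1750]: [1:0:0] Ping with TTL=100 {ICMP} 192.168.1.100 -> 192.168.1.3",
    "May 28 22:21:03 snort snort[1750]: [1:0:0] Ping with TTL=100 {ICMP} 192.168.1.100 -> 192.168.1.3",
    "May 28 22:21:05 snort sshd[812]: Accepted password for admin from 192.168.1.50 port 1022",
    "May 28 22:22:10 snort snort[1750]: [1:1000001:1] Constructed TCP rule {TCP} 192.168.1.7:1045 -> 192.168.1.3:80",
]

if __name__ == "__main__":
    for (src, msg), n in count_by_source(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:<15}  {msg}")
```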
2.8.6 Sending Alerts to SNMP
One very useful feature of Snort is SNMP traps. You can configure an output
plug-in to send messages in the form of SNMP traps to a network management system.
Using this feature you can integrate your intrusion detection sensors into any
centralized NMS like HP OpenView, OpenNMS, MRTG and so on. Snort can generate SNMP
version 2 and version 3 traps. The configuration process for SNMP traps will be
discussed later on in detail.





