Ben's notes

Linux, Unix, network, radio...


snort_2.9.6.1_centos_6.5

Differences

This shows you the differences between two versions of the page.

snort_2.9.6.1_centos_6.5 [2014/05/09 07:01] admin
snort_2.9.6.1_centos_6.5 [2021/10/09 15:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +{{tag>[security snort centos6.5]}}
 +=====Snort 2.9.6.1 on CentOS 6.5=====
 ====Install prerequisites==== ====Install prerequisites====
   * EPEL repo   * EPEL repo
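Review bot: the square brackets in the added {{tag>[security snort centos6.5]}} line look like placeholder notation copied along with the syntax rather than part of the tag names. If the intended tags are security, snort and centos6.5, write {{tag>security snort centos6.5}} and confirm the page is listed under each of the three tags.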
Line 18: Line 20:
  
 ====Test rule==== ====Test rule====
-Put as last line in snot.conf+Put as last line in snort.conf
   alert icmp any any -> 1.2.3.4 any (msg: "Gateway ping"; sid:10000001;)   alert icmp any any -> 1.2.3.4 any (msg: "Gateway ping"; sid:10000001;)
  
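Review bot: the test rule under the corrected "snort.conf" line matches every ICMP type sent to 1.2.3.4, while its msg says "Gateway ping"; adding itype:8; would restrict it to echo requests so the message describes what actually fires. The rule also has no rev option; adding rev:1; lets later edits to the rule be told apart in the alert output.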
Line 28: Line 30:
 05/09-09:00:07.666729  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4 05/09-09:00:07.666729  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
 </code> </code>
-</code>+ 
 +You can even show contents of the packets with tcpdump 
 +  tcpdump -r snort.log.1399615922
  
  
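Review bot: the added sentence promises the "contents of the packets", but tcpdump -r snort.log.1399615922 as written prints only a one-line header summary per packet; add -X (or -A) to dump the payload bytes, and -nn to skip name lookups. The file name also looks specific to one run, so the note should say that the numeric suffix will differ on the reader's system.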
snort_2.9.6.1_centos_6.5.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1