Snort Log Output Plugins Explained - Li Chenguang's Original Technical Blog
source link: http://blog.51cto.com/chenguang/2091572
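Snort log analysis methods

Once Snort starts, it continuously captures packets from the network, so it records a large volume of alert information on the hard disk. An overwhelming flood of log data is meaningless to an individual, so you need tools that analyze the contents of the log files and extract useful information from the unordered logs, which helps you take the necessary measures against attack threats. Snort's logs are generally located in the /var/log/snort/ directory. You can set Snort's alert format by modifying the configuration file. Text-based formats, libp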