Snort logs
-
I wondered if there was a way to display the snort logs from the command line.
I have the pfsense on a kvm so I can view the screen locally rather than ssh. From looking at the snort package advanced tab it says about tcpdump logs. Could I view something similar to pftop from the main user menu? It would be very nice to see blocked ip's from snort and what ip's are popping up.
Sorry but I don't have a clue how to follow / tail the dump file and where it is stored.
If someone could shed some light on this that would be great. Since I have upgraded to the latest version it has opened up a whole world of goodies for monitoring and protecting the system.
Regards
Sam
-
In the terminal.
ee /var/log/snort/alert
or
tail -F /var/log/snort/alert
-
thanks jamesdean
And to exit it's ctrl/c for those like me that didn't know :)
I don't suppose there is a way of tailing the blocked ip list is there? It would also be good from time to time to view the offenders in a nice format such as the blocked list.
Regards
Sam
-
To show all blocked IPs in the terminal.
pfctl -t snort2c -Ts
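
Added example (not part of the posts above): `pfctl -t snort2c -Ts` prints a one-off snapshot, so one way to "tail" the block list is to poll it and print only what changed between snapshots. The function names and the script name are hypothetical, and the script assumes pfctl prints one address per line.

```shell
#!/bin/sh
# Added example: follow changes to the snort2c block table by diffing snapshots.
# Assumes `pfctl -t snort2c -Ts` prints one address per line (leading spaces allowed).

# Trim whitespace, drop blank lines, sort so comm(1) can compare the sets.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | LC_ALL=C sort -u
}

# table_diff OLD NEW: print "+ addr" for newly blocked, "- addr" for removed.
table_diff() {
    old_sorted=$(mktemp /tmp/snort2c.XXXXXX)
    new_sorted=$(mktemp /tmp/snort2c.XXXXXX)
    normalize < "$1" > "$old_sorted"
    normalize < "$2" > "$new_sorted"
    LC_ALL=C comm -13 "$old_sorted" "$new_sorted" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$old_sorted" "$new_sorted" | sed 's/^/- /'
    rm -f "$old_sorted" "$new_sorted"
}

# watch_table [SECONDS]: poll the table and print timestamped changes (Ctrl-C stops).
watch_table() {
    interval=${1:-5}
    prev=$(mktemp /tmp/snort2c.XXXXXX)
    cur=$(mktemp /tmp/snort2c.XXXXXX)
    trap 'rm -f "$prev" "$cur"; exit 0' INT TERM
    while :; do
        # An empty snapshot is used if pfctl fails (e.g. table not created yet).
        pfctl -t snort2c -Ts > "$cur" 2>/dev/null || : > "$cur"
        table_diff "$prev" "$cur" | while read -r change; do
            printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$change"
        done
        cp "$cur" "$prev"
        sleep "$interval"
    done
}

# Run as: sh snort2c_watch.sh watch 10   (script name is hypothetical)
if [ "${1:-}" = "watch" ]; then
    watch_table "${2:-5}"
fi
```

The first pass compares against an empty snapshot, so every address already in the table is listed once with a "+" before only changes are shown.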