I have been working with snort-IDS. I have got some log files at /var/log/snort. The files are of type snort.log.xxxx. How do i view this file???

I have installed and configured snort 2.9.7.2 and it is running without a problem. However, my question is: what does the following warning mean? "No preprocessors configured for policy 0" Thi...

I saw this with the same question and it comes to this rule : alert tcp any any -> any any (flags:S; msg:"NMAP TCP SYN"; sid: 1231213;) but it is totally wrong, it will alert you on almost an...

While trying to study BLE I am wondering if it is possible to analyse it through tools like Wireshark and snort? I came across one by the name "ubertooth" but that's a USB device which needs to be ...

I have 7 related tables and on one of the tables, there is a timestamp column and I want to delete all rows older than 30 days. However, these are VERY big deletes. I'm talking tens of millions of ...

While I was parsing the Snort regex set I found a very odd character class syntax, like [\x80-t] or [\x01-t\x0B\x0C\x0E-t\x80-t], and I can't figure out (really no clue) what -t means. I don't even...

I need to write a rule that captures the SYN-scanning. I tried this: alert tcp any any -> any any (flags:S,12; msg:"SYN"; sid: 1231213;) then try to scan: nmap -sS myIP but this does not output ...

I have got this error messge when creating snort make file? /usr/bin/ld: /usr/local/lib/libpcre.a(pcre_compile.o): relocation R_X86_64_32S against >`.rodata' can not be used when making a shared...

Having a problem with parsing Snort logs using the pyparsing module. The problem is with separating the Snort log (which has multiline entries, separated by a blank line) and getting pyparsing to ...