Code:
    tar xvfz SnortSnarf-021111.1.tar.gz
Code:
    ls -l
Code:
    cp JulianDay.pm (to the above relative path /usr/lib/...)
Code:
    don@monkeylabs:~/SnortSnarf-021111.1> dir
    total 97
    -r--r--r--   1 1001 1001 18007 Nov 11 20:11 COPYING
    -r--r--r--   1 1001 1001 20241 Nov 11 20:11 Changes
    -r--r--r--   1 1001 1001  5818 Nov 11 20:11 README
    lrwxrwxrwx   1 1001 1001    16 Apr 10 17:43 README.SISR -> sisr/README.SISR
    lrwxrwxrwx   1 1001 1001    26 Apr 10 17:43 README.nmap2html -> nmap2html/README.nmap2html
    drwxr-xr-x   2 1001 1001    48 Nov 11 20:11 Time-modules
    -r--r--r--   1 1001 1001 17854 Nov 11 20:11 Usage
    drwxr-xr-x   2 1001 1001   328 Nov 11 20:11 cgi
    drwxr-xr-x   3 1001 1001   208 Nov 11 20:11 include
    -r--r--r--   1 1001 1001    36 Nov 11 20:11 new-annotation-base.xml
    drwxr-xr-x   2 1001 1001   176 Nov 11 20:11 nmap2html
    drwxr-xr-x   5 1001 1001   248 Nov 11 20:11 sisr
    drwxr-xr-x 227 root root  5576 Apr 10 21:42 snfout.scans.030325_2
    -rwxr-xr-x   1 1001 1001 18527 Nov 11 20:11 snortsnarf.pl
    drwxr-xr-x   2 1001 1001   192 Nov 11 20:11 utilities
Code:
    cp -r include/ /usr/lib/perl5/site_perl/
Code:
    ./snortsnarf.pl -usage
Code:
    snortsnarf.pl { OPTION | FILE | user[:passwd][@dbname]@host[:port] }

    FILE is a text file containing snort alerts in full alert, fast alert,
        syslog, portscan log, or portscan2 log format
    user[:passwd][@dbname]@host[:port] is a Snort database
    OPTION is one of the following:
      -d <dir>          Set the output directory to <dir>
      -win              Run in windows mode (required on Windows)
      -hiprioisworse    Consider higher priority #'s to indicate higher priority
      -cgidir <URL>     Indicate that SnortSnarf's CGI scripts are in <URL>, for links
      -homenet <net>    Match <net> to snort -h <net>. For -ldir
      -ldir <URL>       Enable log linking; <URL> is base URL for the log files
      -dns [<net>]      Show hostnames for IPs, or only IPs in <net> (can be slow)
      -rulesfile <file> Set base Snort rules to <file>. For sig. display and X-refs
      -rulesdir <dir>   Set current directory for rule files from -rulesfile
      -rulesscanonce    Save read Snort rules in memory. Might save CPU
      -db <path>        Enable annotations; <path> is full path to ann. file from CGI
      -sisr <file>      Enable incident storage and reporting; <file> is SISR's config
      -nmapurl <URL>    Enable linking to nmap2html output; <URL> is base URL
      -nmapdir <dir>    For -nmapurl, verify page for IP exists in <dir> before linking
      -color=<opt>      Set alert background color scheme. <opt> is yes, no, or rotate
      -top=<N>          <N> entries on top source and dest reports are shown
      -onewindow        Do not open new browser windows
      -rs               Reverse signature listing order, put most interesting first
      -refresh=<secs>   Cause pages to refresh every <secs> seconds
      -split=<N>        Change split threshold for alert pages to <N>. 0=never split
      -obfuscateip      Anonymize IPs by remapping addrs in alerts (file input only)
      -ymd              Show dates outside alerts in year/month/day order
      -gmt              Show dates outside alerts in your local TZ (for snort -g only)
Code:
    rm -r *
Code:
    ./snortsnarf.pl -rs /var/log/snort/alert
Code:
    ./snortsnarf.pl -rs /var/log/snort/alert -d /home/don/