Running snort
How to send alerts to a unix socket
snort -i eth2 -A unsock -l /var/log/snort -c /etc/snort/snort.conf
Snort alert format
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
116 : Generator ID; this tells the user which component of Snort generated this alert.
56 : Snort ID (sometimes referred to as Signature ID)
1 : revision ID
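A parser for the alert header described above, as an added example that is not part of the original note or of Snort itself. It assumes the "[**] [gid:sid:rev] message [**]" layout shown here; the function names and all sample lines other than the first are constructed for illustration.

```python
import re
from collections import Counter

# Header of a Snort alert: [**] [gid:sid:rev] message [**]
# search() is used so text before or after the header on the same line is tolerated.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
)


def parse_alert(line):
    """Return a dict with gid, sid, rev and msg, or None if the line is not an alert header."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {
        "gid": int(m.group("gid")),   # Generator ID
        "sid": int(m.group("sid")),   # Snort ID / Signature ID
        "rev": int(m.group("rev")),   # revision ID
        "msg": m.group("msg"),
    }


def count_by_rule(lines):
    """Count alerts per (gid, sid), skipping lines that are not alert headers."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            counts[(alert["gid"], alert["sid"])] += 1
    return counts


# Constructed sample input: the first line is the alert shown above,
# the remaining lines are made up for illustration.
SAMPLE = [
    "[**] [116:56:1] (snort_decoder): T/TCP Detected [**]",
    "[**] [1:1000001:3] EXAMPLE constructed rule message [**]",
    "[Priority: 3]",
    "[**] [116:56:1] (snort_decoder): T/TCP Detected [**]",
    "",
]

if __name__ == "__main__":
    for (gid, sid), n in sorted(count_by_rule(SAMPLE).items()):
        print(f"gid={gid} sid={sid} count={n}")
```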