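I installed snort with apt-get install, then configured it step by step following the installation screens.
And snort can be started now...
I'd like to ask: the snort report I receive by e-mail looks like this: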
Subject: [SNORT] test1.localdomain.fake
daily report
The log begins from: ::
The log ends at: ::
Total events: 0
Signatures recorded: 0
Source IP recorded: 0
Destination IP recorded: 0
The number of attacks from same host to same
destination using same method
=========================================================================
# of
attacks from to method
=========================================================================
Percentage and number of attacks from a host to a
destination
============================================================
# of
% attacks from to
============================================================
Percentage and number of attacks from one host to any
with same method
==============================================================
# of
% attacks from method
==============================================================
Percentage and number of attacks to one certain host
=================================================================
# of
% attacks to method
=================================================================
The distribution of attack methods
===============================================
# of
% attacks method
===============================================
Is this normal, or is there something that has not been configured yet? I ask because I can see that /var/log/snort/alert already has a lot in it....
Thanks