Differences

This shows you the differences between two versions of the page.

--- сервис_snort [2024/05/11 09:06]
val [Debian/Ubuntu]
+++ сервис_snort [2024/05/11 16:43]
val [Сервис SNORT]
@@ Line 4: / Line 4: @@
   * [[https://help.ubuntu.com/community/SnortIDS]]
   * [[https://www.snort.org/downloads/community/community-rules.tar.gz|!!!Открытые правила для тестирования!!!]]
-  * [[http://www.openinfosecfoundation.org//Альтернативное решение]]
+  * [[https://sansorg.egnyte.com/dl/qsNKTUL2ld|Snort and SSL/TLS Inspection]]
   * [[https://upcloud.com/resources/tutorials/installing-snort-on-debian|How to install Snort on Debian]]
+  * [[https://oisf.net/|Open Information Security Foundation Suricata]]
 ===== Установка, настройка, запуск сервиса =====
@@ Line 58: / Line 60: @@
 # tail -f /var/log/auth.log | grep Red
+# u2spewfoo /var/log/snort/snort.alert
 </code>
@@ Line 63: / Line 67: @@
 <code>
 isp.un$ wget http://192.168.X.10/root.exe
+</code>
+===== Копирование alert_unified2 в syslog =====
+<code>
+# stdbuf -i0 -o0 u2spewfoo <(tail -c +1 -f /var/log/snort/snort.alert) | logger -t snort -p auth.info
+# cat /etc/systemd/system/snort-alert-unified2-syslog.service
+</code><code>
+[Unit]
+Description=Send snort alert_unified2 to syslog
+After=snort.service
+[Service]
+ExecStart=/bin/bash -c '/usr/bin/stdbuf -i0 -o0 /usr/sbin/u2spewfoo <(/usr/bin/tail -c +1 -f /var/log/snort/snort.alert) | /usr/bin/logger -t snort -p auth.info'
+[Install]
+WantedBy=multi-user.target
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools