Problem
You want to view your Snort alerts with the Windows Event Viewer.
Solution
Log your Snort alert messages to the Windows Event log by using the -E command-line option:
C:\Snort\bin>snort -E -l C:\snort\log -c c:\snort\etc\snort.conf
Discussion
The -E command-line option exists only in the Windows build of Snort, but there it makes log viewing convenient by putting alerts in the same place as every other Windows event. You must pass -E when running Snort in NIDS mode; otherwise alerts are not written in Windows Event log format. Figure 2-1 shows what a Snort event looks like in the Event Viewer. You can see the details of a log entry by double-clicking it, as shown in Figure 2-2.
Figure 2-1. Event Viewer
Figure 2-2. Event Properties
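As an added example (not part of the recipe), a PowerShell snippet that pulls the Snort entries out of the Windows Event log and splits each alert message into fields, so alerts can be filtered or exported without opening Event Viewer. It assumes that -E writes to the Application log under the provider name Snort and that the message body uses Snort's standard alert text ([gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src -> dst); both are assumptions, so the parser is first run on two constructed sample messages.

```powershell
# Added example, not part of the Snort Cookbook recipe.
# ASSUMPTIONS: Snort -E writes to the Application log with provider name "Snort",
# and the message body uses Snort's standard alert text. Confirm both against one
# entry in Event Viewer before relying on the live query at the bottom.

function ConvertFrom-SnortAlert {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Message)
    process {
        # [gid:sid:rev] msg [Classification: text] [Priority: n] {PROTO} src:port -> dst:port
        $pattern = '^\[(?<gid>\d+):(?<sid>\d+):(?<rev>\d+)\]\s+(?<msg>.+?)\s*' +
                   '(?:\[Classification:\s*(?<class>[^\]]+)\]\s*)?' +
                   '(?:\[Priority:\s*(?<prio>\d+)\]\s*)?' +
                   '\{(?<proto>\w+)\}\s+(?<src>\S+)\s+->\s+(?<dst>\S+)'
        if ($Message -match $pattern) {
            $prio = if ($Matches.prio) { [int]$Matches.prio } else { $null }
            [pscustomobject]@{
                Gid = [int]$Matches.gid; Sid = [int]$Matches.sid; Rev = [int]$Matches.rev
                Msg = $Matches.msg; Classification = $Matches.class; Priority = $prio
                Protocol = $Matches.proto; Source = $Matches.src; Destination = $Matches.dst
            }
        } else {
            # Keep unparsed lines visible rather than silently dropping them.
            Write-Warning "Unparsed Snort message: $Message"
        }
    }
}

# Constructed sample messages in Snort's alert format (offline self-check).
$samples = @(
    '[1:1000001:1] LOCAL test rule [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 198.51.100.5:80',
    '[1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.5'
)
$samples | ConvertFrom-SnortAlert | Format-Table -AutoSize

# Live query: Snort events from the last 24 hours, priority 1 or 2 only (1 is highest).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Snort'
                                StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Message } | ConvertFrom-SnortAlert |
    Where-Object { $_.Priority -le 2 } |
    Sort-Object Source | Format-Table -AutoSize
```

If the live query returns nothing while Event Viewer shows Snort entries, open one entry and compare its Log and Source fields against the assumed Application/Snort values.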
See Also
Recipe 1.18