From 26b8d99a3b8d479390f1239f006c02d23534f807 Mon Sep 17 00:00:00 2001
From: kev
Date: Sun, 26 Aug 2018 15:36:51 +0800
Subject: [PATCH] update snort alert
---
 snort/README.md | 8 ++++----
 snort/docker-compose.yml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/snort/README.md b/snort/README.md
index dd1c893..6e057b1 100644
--- a/snort/README.md
+++ b/snort/README.md
@@ -9,7 +9,7 @@ traffic analysis and packet logging.
 ```yaml
 snort:
 image: vimagick/snort
- command: -q -c /etc/snort/snort.conf -A console -i ens3
+ command: -q -c /etc/snort/snort.conf -A fast -y -i eth0
 volumes:
 - ./data/snort.conf:/etc/snort/snort.conf
 - ./data/rules:/etc/snort/rules
@@ -30,9 +30,9 @@ alert icmp any any -> any any (msg:"ICMP Echo Reply"; itype:0; sid:10001;)
 ```bash
 $ docker-compose up -d
-$ docker-compose logs --tail 10 -f
-snort_1 | 08/26-06:47:35.460754 [**] [1:10000:0] ICMP Echo Request [**] [Priority: 0] {ICMP} x.x.x.x -> y.y.y.y
-snort_1 | 08/26-06:47:35.460835 [**] [1:10001:0] ICMP Echo Reply [**] [Priority: 0] {ICMP} y.y.y.y -> x.x.x.x
+$ tail -f data/log/alert
+snort_1 | 08/26/18-06:47:35.460754 [**] [1:10000:0] ICMP Echo Request [**] [Priority: 0] {ICMP} x.x.x.x -> y.y.y.y
+snort_1 | 08/26/18-06:47:35.460835 [**] [1:10001:0] ICMP Echo Reply [**] [Priority: 0] {ICMP} y.y.y.y -> x.x.x.x
 $ tcpdump -n -r data/log/snort.log.xxx
 06:47:35.460754 IP x.x.x.x > y.y.y.y: ICMP echo request, id 17767, seq 933, length 12
diff --git a/snort/docker-compose.yml b/snort/docker-compose.yml
index 6209e3a..9f43a08 100644
--- a/snort/docker-compose.yml
+++ b/snort/docker-compose.yml
@@ -1,6 +1,6 @@
 snort:
 image: vimagick/snort
- command: -q -c /etc/snort/snort.conf -A console -k none -i ens3
+ command: -q -c /etc/snort/snort.conf -A fast -y -i eth0
 volumes:
 - ./data/snort.conf:/etc/snort/snort.conf
 - ./data/rules:/etc/snort/rules
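Review bot: The new `command:` line in snort/docker-compose.yml silently drops `-k none`, which the old line had; with that flag gone Snort falls back to its default checksum mode and skips inspection of packets whose L3/L4 checksums do not verify, so on a capture interface with checksum offload enabled (common for veth/virtio) locally generated traffic such as the ICMP echo requests the README's rules target can go unalerted. Unless the reversal was deliberate, keep the flag alongside the new alert options: `command: -q -c /etc/snort/snort.conf -A fast -y -k none -i eth0`. Separately, `-i eth0` only observes host traffic if this service runs with host networking; inside a default bridge network `eth0` is the container's own veth and Snort would see nothing but the container's traffic — the service definition continues past this hunk (the `volumes:` list is cut off at line 6), so whether `network_mode: host` and the `data/log` mount that `-A fast` writes the `alert` file to are present is not visible here and should be confirmed.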