update snort alert

2025-12-21 13:23:02 +01:00 · 2018-08-26 15:36:51 +08:00
parent 7414dac1f3
commit 26b8d99a3b
2 changed files with 5 additions and 5 deletions
--- a/snort/README.md
+++ b/snort/README.md
@@ -9,7 +9,7 @@ traffic analysis and packet logging.
 ```yaml
 snort:
  image: vimagick/snort
-  command: -q -c /etc/snort/snort.conf -A console -i ens3
+  command: -q -c /etc/snort/snort.conf -A fast -y -i eth0
  volumes:
    - ./data/snort.conf:/etc/snort/snort.conf
    - ./data/rules:/etc/snort/rules
@@ -30,9 +30,9 @@ alert icmp any any -> any any (msg:"ICMP Echo Reply"; itype:0; sid:10001;)
 ```bash
 $ docker-compose up -d
-$ docker-compose logs --tail 10 -f
+$ tail -f data/log/alert
-snort_1  | 08/26-06:47:35.460754  [**] [1:10000:0] ICMP Echo Request [**] [Priority: 0] {ICMP} x.x.x.x -> y.y.y.y
+snort_1  | 08/26/18-06:47:35.460754  [**] [1:10000:0] ICMP Echo Request [**] [Priority: 0] {ICMP} x.x.x.x -> y.y.y.y
-snort_1  | 08/26-06:47:35.460835  [**] [1:10001:0] ICMP Echo Reply [**] [Priority: 0] {ICMP} y.y.y.y -> x.x.x.x
+snort_1  | 08/26/18-06:47:35.460835  [**] [1:10001:0] ICMP Echo Reply [**] [Priority: 0] {ICMP} y.y.y.y -> x.x.x.x
 $ tcpdump -n -r data/log/snort.log.xxx
 06:47:35.460754 IP x.x.x.x > y.y.y.y: ICMP echo request, id 17767, seq 933, length 12
--- a/snort/docker-compose.yml
+++ b/snort/docker-compose.yml
@@ -1,6 +1,6 @@
 snort:
  image: vimagick/snort
-  command: -q -c /etc/snort/snort.conf -A console -k none -i ens3
+  command: -q -c /etc/snort/snort.conf -A fast -y -i eth0
  volumes:
    - ./data/snort.conf:/etc/snort/snort.conf
    - ./data/rules:/etc/snort/rules