I just installed Snort and am using it to analyze a pcap file.
snort -V
Version 2.9.11.1 GRE (Build 268)
By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.8.1
Using PCRE version: 8.39 2016-06-14
Using ZLIB version: 1.2.8
The command I run to analyze the pcap file, which should generate a log file, is:
sudo snort -v -c /etc/snort/snort.conf -r test.pcapng
When I go to /var/snort/log, the alert file is empty.
Any help is appreciated. Thanks.
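A small diagnostic script for the situation above, as an added example that is not part of the original post or of Snort itself. It assumes Snort 2.9.x is on PATH and that the path to snort.conf, the pcap and a scratch log directory are passed as arguments; the one-line rule it writes is a constructed catch-all used only to prove that Snort reads the capture and writes an alert file, independently of whatever rule set snort.conf includes.

```shell
#!/bin/sh
# Added diagnostic helpers for an empty Snort alert file. Not code from the
# original post or from the Snort project. Assumes Snort 2.9.x on PATH and
# that the caller passes snort.conf, the pcap and a log directory as arguments.

# Count the rule files Snort will actually load: "include $RULE_PATH/..."
# lines in snort.conf that are not commented out. With zero enabled
# includes nothing can ever be alerted on, however much traffic is read.
count_enabled_rule_includes() {
    conf="$1"
    # grep -c exits 1 when the count is 0; "|| true" keeps the "0" output usable
    grep -c '^[[:space:]]*include[[:space:]][[:space:]]*\$RULE_PATH/' "$conf" || true
}

# True when <logdir>/alert exists and holds at least one byte, i.e. Snort
# wrote something to it (the symptom above is that it stays empty).
alert_file_has_entries() {
    [ -s "$1/alert" ]
}

# Prove the read -> detect -> write pipeline works independently of the
# installed rule set: run Snort on the pcap with one catch-all rule that
# fires on every IP packet, writing fast-format alerts into a fresh log dir.
# -k none disables checksum verification, because a capture taken on a host
# with checksum offloading carries "bad" checksums that Snort 2 otherwise
# excludes from detection; -q suppresses the banner.
run_snort_smoke_test() {
    pcap="$1"
    logdir="$2"
    rules="$logdir/smoke.rules"   # constructed one-rule config, not a real rule set
    mkdir -p "$logdir"
    printf '%s\n' \
      'alert ip any any -> any any (msg:"SMOKE TEST any IP packet"; sid:1000001; rev:1;)' \
      > "$rules"
    snort -q -k none -A fast -l "$logdir" -r "$pcap" -c "$rules"
}

# Usage: sh snort_check.sh /etc/snort/snort.conf test.pcapng /tmp/snortcheck
snort_diagnose() {
    conf="$1"
    pcap="$2"
    logdir="$3"
    n=$(count_enabled_rule_includes "$conf")
    echo "enabled rule includes in $conf: $n"
    if ! command -v snort >/dev/null 2>&1; then
        echo "snort not on PATH; skipping smoke test"
        return 0
    fi
    run_snort_smoke_test "$pcap" "$logdir"
    if alert_file_has_entries "$logdir"; then
        echo "smoke test wrote alerts to $logdir/alert: Snort reads the pcap and"
        echo "writes alerts fine; an empty alert file with snort.conf means no"
        echo "loaded rule matched the traffic (or the rule set is not loaded)."
    else
        echo "no alerts even for a catch-all rule: check that the pcap has IP"
        echo "packets and that $logdir is the directory Snort is writing to (-l)."
    fi
}

# Run the diagnosis when invoked with three arguments.
if [ "$#" -eq 3 ]; then
    snort_diagnose "$1" "$2" "$3"
fi
```

The point of the smoke test is to separate two very different causes of an empty alert file: Snort never writing anywhere you are looking (wrong log directory, checksum exclusion, unreadable capture) versus Snort working correctly but no loaded rule matching the traffic in the capture. If the catch-all rule produces alerts, the remaining question is only which rules snort.conf actually enables and whether any of them describe the traffic in the pcap.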