- alert:
  - Max Size: No Limit
  - Retention: 14 Days
  - Description: This log contains Snort alerts and event details. These alerts indicate potential intrusion attempts, malicious activities, or other security-related events detected by Snort’s rules and signatures. Events captured in this log provide information about the nature of the threat, source and destination IPs, ports, protocols, and more.
- snort_xxxxx.u2:
  - Max Size: 500 KB
  - Retention: 14 Days
  - Description: This log contains Snort alerts and event details in the Unified2 binary log format. Unified2 is a binary log format used by Snort to store event data, including packet payloads. This format allows for efficient storage and analysis of network events.
- appid-alerts:
  - Max Size: 500 KB
  - Retention: 14 Days
  - Description: Application ID (AppID) alerts are related to identifying and categorizing applications on your network. These alerts can help you understand which applications are being used and potentially detect unauthorized or malicious applications.
- app-stats:
  - Max Size: 1 MB
  - Retention: 7 Days
  - Description: Application ID statistics provide insights into application usage patterns on your network. This can be valuable for understanding network traffic trends and optimizing network resources.
- event pcaps:
  - Max Size: No Limit
  - Retention: 14 Days
  - Description: This log contains packet captures related to Snort alerts. Packet captures (pcaps) are snapshots of network traffic, allowing you to analyze the exact content of the packets associated with detected alerts. This can be valuable for in-depth investigation.
- sid_changes:
  - Max Size: 250 KB
  - Retention: 14 Days
  - Description: This log records changes made to Snort’s Signature ID (SID) Management configuration files. SIDs are unique identifiers assigned to Snort rules. Monitoring SID changes can help track modifications to the rule set.
- stats:
  - Max Size: 500 KB
  - Retention: 7 Days
  - Description: This log captures Snort performance statistics, that is, information about the performance of the Snort IDS/IPS. This can include metrics like packet processing rates, rule match rates, and more.
These logs collectively provide insights into network security events, traffic patterns, application usage, and Snort’s own performance. Regularly reviewing these logs and understanding their content can help you identify potential security threats, assess network usage, and ensure the effectiveness of your intrusion detection and prevention measures.
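The snort_xxxxx.u2 entry above names the Unified2 binary format without showing its layout. The following is an added example, not code from this page or from the Snort project: it parses the two record types a defender meets most, the IDS event and its packet record, from a constructed byte string. Record type ids and the field layout are assumed from Snort's Unified2_common.h; all sample values are made up.

```python
import socket
import struct
# Record type ids as defined in Snort's Unified2_common.h (assumption, not from this page).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_VLAN = 104   # IPv4 event with VLAN/MPLS fields appended; same 52-byte prefix
# Unified2IDSEvent_legacy: 11 x uint32, 2 x uint16, 4 x uint8, all big-endian (52 bytes).
_IDS_EVENT = struct.Struct("!11I2H4B")
_IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond", "signature_id",
    "generator_id", "signature_revision", "classification_id", "priority_id",
    "ip_source", "ip_destination", "sport_itype", "dport_icode", "protocol",
    "impact_flag", "impact", "blocked")
# Serial_Unified2Packet header: 7 x uint32, followed by packet_length bytes of raw packet.
_PACKET_HDR = struct.Struct("!7I")
_PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                  "packet_microsecond", "linktype", "packet_length")

def parse_unified2(data: bytes):
    """Return [(record_type, fields)] for every complete record in a .u2 byte string."""
    records, off = [], 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)      # 8-byte record header
        body = data[off + 8: off + 8 + rlen]
        if len(body) < rlen:
            break   # truncated tail: Snort may still be writing this record
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN) and rlen >= _IDS_EVENT.size:
            rec = dict(zip(_IDS_EVENT_FIELDS, _IDS_EVENT.unpack_from(body)))
            for k in ("ip_source", "ip_destination"):           # uint32 -> dotted quad
                rec[k] = socket.inet_ntoa(struct.pack("!I", rec[k]))
        elif rtype == UNIFIED2_PACKET and rlen >= _PACKET_HDR.size:
            rec = dict(zip(_PACKET_FIELDS, _PACKET_HDR.unpack_from(body)))
            rec["packet_data"] = body[_PACKET_HDR.size:_PACKET_HDR.size + rec["packet_length"]]
        else:
            rec = {"raw": body}   # IPv6 / extra-data records: keep the bytes, do not guess
        records.append((rtype, rec))
        off += 8 + rlen
    return records

def build_sample() -> bytes:
    """Constructed data: one IPv4 event (sid 1000001, TCP 192.0.2.10 -> 198.51.100.5:80) plus its packet record."""
    src = struct.unpack("!I", socket.inet_aton("192.0.2.10"))[0]
    dst = struct.unpack("!I", socket.inet_aton("198.51.100.5"))[0]
    event = _IDS_EVENT.pack(1, 42, 1700000000, 123456, 1000001, 1, 3, 29, 2,
                            src, dst, 51515, 80, 6, 0, 0, 0)
    pkt = b"\x45\x00" + b"\x00" * 18                    # stand-in packet bytes, not a real capture
    packet = _PACKET_HDR.pack(1, 42, 1700000000, 1700000000, 123456, 1, len(pkt)) + pkt
    return (struct.pack("!II", UNIFIED2_IDS_EVENT, len(event)) + event
            + struct.pack("!II", UNIFIED2_PACKET, len(packet)) + packet)
```

Reading a live file the same way (open in binary mode, pass the bytes in) is safe because a half-written final record is left unparsed rather than raising.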