在之前8月時有測試到bond的功能
但一直有問題
今天跟工程師聊了一下
才知道一定要使用802.3ad才不會有問題
參考資料如下
http://www.geego.com.tw/tech_support/techdocs_easy-to-increase-network-bandwidth
2012/12/25
2012/12/23
2012/12/22
2012/12/21
2012/12/20
今年長官有提到要買firewall的需求
找了一下封包產生的軟体預計拿來測throuthput
1. packet builder
http://www.colasoft.com/download/products/download_packet_builder.php
2. iperf
http://35g.tw/blog/2009/08/17/%E7%B6%B2%E8%B7%AF%E6%95%88%E8%83%BD%E6%B8%AC%E8%A9%A6%E5%B7%A5%E5%85%B7-iperf/
iperf的圖形版
http://code.google.com/p/xjperf/
目前看來iperf簡單易用
iperf –c 1.1.1.1 –w 100M –t 120 –i 10
主要是改變w的值
通常在小的值的表現會比較不好
而大的值表現會比較好
但都會有一個極限
如下圖
.jpg)
找了一下封包產生的軟体預計拿來測throuthput
1. packet builder
http://www.colasoft.com/download/products/download_packet_builder.php
2. iperf
http://35g.tw/blog/2009/08/17/%E7%B6%B2%E8%B7%AF%E6%95%88%E8%83%BD%E6%B8%AC%E8%A9%A6%E5%B7%A5%E5%85%B7-iperf/
iperf的圖形版
http://code.google.com/p/xjperf/
目前看來iperf簡單易用
iperf –c 1.1.1.1 –w 100M –t 120 –i 10
主要是改變w的值
通常在小的值的表現會比較不好
而大的值表現會比較好
但都會有一個極限
如下圖
.jpg)
2012/12/16
如果要使用ssh來rsync又不想產生key
可以使用sshpass
http://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/
可以使用sshpass
http://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/
2012/12/13
2012/12/11
今天在找如何快速清除snort database的資料
相當方便 只要改天數就好了
DELETE FROM event WHERE timestamp < DATE_SUB(NOW(),INTERVAL 200 DAY);
DELETE FROM data USING data LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM iphdr USING iphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM icmphdr USING icmphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM tcphdr USING tcphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM udphdr USING udphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM opt USING opt LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM acid_event USING acid_event LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM ag USING acid_ag_alert AS ag LEFT OUTER JOIN event AS e ON ag.ag_sid=e.sid AND ag.ag_cid=e.cid WHERE e.sid IS NULL;
OPTIMIZE TABLE event, data, iphdr, icmphdr, tcphdr, udphdr, opt, acid_event, acid_ag_alert;
http://blog.terryburton.co.uk/2007/09/deleting-old-snort-and-base-event-data.html
相當方便 只要改天數就好了
DELETE FROM event WHERE timestamp < DATE_SUB(NOW(),INTERVAL 200 DAY);
DELETE FROM data USING data LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM iphdr USING iphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM icmphdr USING icmphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM tcphdr USING tcphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM udphdr USING udphdr LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM opt USING opt LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM acid_event USING acid_event LEFT OUTER JOIN event USING (sid,cid) WHERE event.sid IS NULL;
DELETE FROM ag USING acid_ag_alert AS ag LEFT OUTER JOIN event AS e ON ag.ag_sid=e.sid AND ag.ag_cid=e.cid WHERE e.sid IS NULL;
OPTIMIZE TABLE event, data, iphdr, icmphdr, tcphdr, udphdr, opt, acid_event, acid_ag_alert;
http://blog.terryburton.co.uk/2007/09/deleting-old-snort-and-base-event-data.html
2012/12/10
2012/12/11後記
升到 barnyard2-1.11 後在base又出現跟之前相同的情況
看不到特徵值的名稱
改了好多東西都沒辦法
而且目前找不到相關文件
改回之前的版本就正常barnyard2-1.9
算了 先改回來
另外
snort 2.9.4-1 一定要把 $SO_RULE_PATH打開
之前的版本預設都不用開
不然事件會都無法偵測且記錄
===========================================
自從12/6升到snort 2.9.4-1的版本後
資料庫的資料就異常的少
剛好今天在snort的blog發現
barnyard2有更新版本(新官網)
看來這個blog的訊息還滿多的(已訂rss)
所以來升級一下看看狀況會不會改善
先備份 /usr/bin/barnyard2及 /etc/barnyard2/barnyard2.conf
升級步驟如下
解壓source後進到目錄
autogen.sh
./configure --bindir=/usr/bin --sysconfdir=/etc/barnyard2 --with-mysql
make && make install
再依照原本的barnyard2.conf改一下
========barnyard2.conf===============
#
# Barnyard2 example configuration file
#
#
# This file contains a sample barnyard2 configuration.
# You can take the following steps to create your own custom configuration:
#
# 1) Configure the variable declarations
# 2) Setup the input plugins
# 3) Setup the output plugins
#
#
# Step 1: configure the variable declarations
#
# in order to keep from having a commandline that uses every letter in the
# alphabet most configuration options are set here.
# use UTC for timestamps
#
#config utc
# set the appropriate paths to the file(s) your Snort process is using.
#
config reference_file: /etc/snort/rule/etc/reference.config
config classification_file: /etc/snort/rule/etc/classification.config
config gen_file: /etc/snort/rule/etc/gen-msg.map
config sid_file: /etc/snort/rule/etc/sid-msg.map
# Set the event cache size to defined max value before recycling of event occur.
#
#
#config event_cache_size: 4096
# define dedicated references similar to that of snort.
#
#config reference: mybugs http://www.mybugs.com/?s=
# define explicit classifications similar to that of snort.
#
#config classification: shortname, short description, priority
# set the directory for any output logging
#
#config logdir: /tmp
# to ensure that any plugins requiring some level of uniqueness in their output
# the alert_with_interface_name, interface and hostname directives are provided.
# An example of usage would be to configure them to the values of the associated
# snort process whose unified files you are reading.
#
# Example:
# For a snort process as follows:
# snort -i eth0 -c /etc/snort.conf
#
# Typical options would be:
# config hostname: thor
# config interface: eth0
# config alert_with_interface_name
#
#config hostname: thor
#config interface: eth0
config hostname: localhost
config interface: eth1
# enable printing of the interface name when alerting.
#
#config alert_with_interface_name
# at times snort will alert on a packet within a stream and dump that stream to
# the unified output. barnyard2 can generate output on each packet of that
# stream or the first packet only.
#
#config alert_on_each_packet_in_stream
# enable daemon mode
#
#config daemon
# make barnyard2 process chroot to directory after initialisation.
#
#config chroot: /var/spool/barnyard2
# specifiy the group or GID for barnyard2 to run as after initialisation.
#
#config set_gid: 999
# specifiy the user or UID for barnyard2 to run as after initialisation.
#
#config set_uid: 999
# specify the directory for the barnyard2 PID file.
#
#config pidpath: /var/run/by2.pid
# enable decoding of the data link (or second level headers).
#
#config decode_data_link
# dump the application data
#
#config dump_payload
# dump the application data as chars only
#
#config dump_chars_only
# enable verbose dumping of payload information in log style output plugins.
#
#config dump_payload_verbose
# enable obfuscation of logged IP addresses.
#
#config obfuscate
# enable the year being shown in timestamps
#
#config show_year
# set the umask for all files created by the barnyard2 process (eg. log files).
#
#config umask: 066
# enable verbose logging
#
#config verbose
# quiet down some of the output
#
#config quiet
# define the full waldo filepath.
#
#config waldo_file: /tmp/waldo
# specificy the maximum length of the MPLS label chain
#
#config max_mpls_labelchain_len: 64
# specify the protocol (ie ipv4, ipv6, ethernet) that is encapsulated by MPLS.
#
#config mpls_payload_type: ipv4
# set the reference network or homenet which is predominantly used by the
# log_ascii plugin.
#
#config reference_net: 192.168.0.0/24
#
# CONTINOUS MODE
#
# set the archive directory for use with continous mode
#
#config archivedir: /tmp
# when in operating in continous mode, only process new records and ignore any
# existing unified files
#
#config process_new_records_only
#
# Step 2: setup the input plugins
#
# this is not hard, only unified2 is supported ;)
input unified2
#
# Step 3: setup the output plugins
#
# alert_cef
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides the abilty to output alert information to a
# remote network host as well as the local host using the open standard
# Common Event Format (CEF).
#
# Arguments: host=hostname[:port], severity facility
# arguments should be comma delimited.
# host - specify a remote hostname or IP with optional port number
# this is only specific to WIN32 (and is not yet fully supported)
# severity - as defined in RFC 3164 (eg. LOG_WARN, LOG_INFO)
# facility - as defined in RFC 3164 (eg. LOG_AUTH, LOG_LOCAL0)
#
# Examples:
# output alert_cef
# output alert_cef: host=192.168.10.1
# output alert_cef: host=sysserver.com:1001
# output alert_cef: LOG_AUTH LOG_INFO
#
# alert_bro
# ----------------------------------------------------------------------------
#
# Purpose: Send alerts to a Bro-IDS instance.
#
# Arguments: hostname:port
#
# Examples:
# output alert_bro: 127.0.0.1:47757
# alert_fast
# ----------------------------------------------------------------------------
# Purpose: Converts data to an approximation of Snort's "fast alert" mode.
#
# Arguments: file <file>, stdout
# arguments should be comma delimited.
# file - specifiy alert file
# stdout - no alert file, just print to screen
#
# Examples:
# output alert_fast
# output alert_fast: stdout
#
output alert_fast: stdout
# prelude: log to the Prelude Hybrid IDS system
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides logging to the Prelude Hybrid IDS system
#
# Arguments: profile=snort-profile
# snort-profile - name of the Prelude profile to use (default is snort).
#
# Snort priority to IDMEF severity mappings:
# high < medium < low < info
#
# These are the default mapped from classification.config:
# info = 4
# low = 3
# medium = 2
# high = anything below medium
#
# Examples:
# output alert_prelude
# output alert_prelude: profile=snort-profile-name
#
# alert_syslog
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides the abilty to output alert information to local syslog
#
# severity - as defined in RFC 3164 (eg. LOG_WARN, LOG_INFO)
# facility - as defined in RFC 3164 (eg. LOG_AUTH, LOG_LOCAL0)
#
# Examples:
# output alert_syslog
# output alert_syslog: LOG_AUTH LOG_INFO
#
# syslog_full
#-------------------------------
# Available as both a log and alert output plugin. Used to output data via TCP/UDP or LOCAL ie(syslog())
# Arguments:
# sensor_name $sensor_name - unique sensor name
# server $server - server the device will report to
# local - if defined, ignore all remote information and use syslog() to send message.
# protocol $protocol - protocol device will report over (tcp/udp)
# port $port - destination port device will report to (default: 514)
# delimiters $delimiters - define a character that will delimit message sections ex: "|", will use | as message section delimiters. (default: |)
# separators $separators - define field separator included in each message ex: " " , will use space as field separator. (default: [:space:])
# operation_mode $operaion_mode - default | complete : default mode is compatible with default snort syslog message, complete prints more information such as the raw packet (hexed)
# log_priority $log_priority - used by local option for syslog priority call. (man syslog(3) for supported options) (default: LOG_INFO)
# log_facility $log_facility - used by local option for syslog facility call. (man syslog(3) for supported options) (default: LOG_USER)
# Usage Examples:
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514
# output alert_syslog_full: sensor_name snortIds1-eth2, local
# output log_syslog_full: sensor_name snortIds1-eth2, local, log_priority LOG_CRIT,log_facility LOG_CRON
# log_ascii
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides the default packet logging funtionality
#
# Arguments: None.
#
# Examples:
# output log_ascii
#
# log_tcpdump
# ----------------------------------------------------------------------------
#
# Purpose
# This output module logs packets in binary tcpdump format
#
# Arguments:
# The only argument is the output file name.
#
# Examples:
# output log_tcpdump: tcpdump.log
#
# sguil
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides logging ability for the sguil interface
# See doc/README.sguil
#
# Arguments: agent_port <port>, sensor_name <name>
# arguments should be comma delimited.
# agent_port - explicitly set the sguil agent listening port
# (default: 7736)
# sensor_name - explicitly set the sensor name
# (default: machine hostname)
#
# Examples:
# output sguil
# output sguil: agent_port=7000
# output sguil: sensor_name=argyle
# output sguil: agent_port=7000, sensor_name=argyle
#
# database: log to a variety of databases
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#
output database: alert, mysql, user=aaa password=bbb dbname=snort host=127.0.0.1
# alert_fwsam: allow blocking of IP's through remote services
# ----------------------------------------------------------------------------
# output alert_fwsam: <SnortSam Station>:<port>/<key>
#
# <FW Mgmt Station>: IP address or host name of the host running SnortSam.
# <port>: Port the remote SnortSam service listens on (default 898).
# <key>: Key used for authentication (encryption really)
# of the communication to the remote service.
#
# Examples:
#
# output alert_fwsam: snortsambox/idspassword
# output alert_fwsam: fw1.domain.tld:898/mykey
# output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw
#
#
升到 barnyard2-1.11 後在base又出現跟之前相同的情況
看不到特徵值的名稱
改了好多東西都沒辦法
而且目前找不到相關文件
改回之前的版本就正常barnyard2-1.9
算了 先改回來
另外
snort 2.9.4-1 一定要把 $SO_RULE_PATH打開
之前的版本預設都不用開
不然事件會都無法偵測且記錄
===========================================
自從12/6升到snort 2.9.4-1的版本後
資料庫的資料就異常的少
剛好今天在snort的blog發現
barnyard2有更新版本(新官網)
看來這個blog的訊息還滿多的(已訂rss)
所以來升級一下看看狀況會不會改善
先備份 /usr/bin/barnyard2及 /etc/barnyard2/barnyard2.conf
升級步驟如下
解壓source後進到目錄
autogen.sh
./configure --bindir=/usr/bin --sysconfdir=/etc/barnyard2 --with-mysql
make && make install
再依照原本的barnyard2.conf改一下
========barnyard2.conf===============
#
# Barnyard2 example configuration file
#
#
# This file contains a sample barnyard2 configuration.
# You can take the following steps to create your own custom configuration:
#
# 1) Configure the variable declarations
# 2) Setup the input plugins
# 3) Setup the output plugins
#
#
# Step 1: configure the variable declarations
#
# in order to keep from having a commandline that uses every letter in the
# alphabet most configuration options are set here.
# use UTC for timestamps
#
#config utc
# set the appropriate paths to the file(s) your Snort process is using.
#
config reference_file: /etc/snort/rule/etc/reference.config
config classification_file: /etc/snort/rule/etc/classification.config
config gen_file: /etc/snort/rule/etc/gen-msg.map
config sid_file: /etc/snort/rule/etc/sid-msg.map
# Set the event cache size to defined max value before recycling of event occur.
#
#
#config event_cache_size: 4096
# define dedicated references similar to that of snort.
#
#config reference: mybugs http://www.mybugs.com/?s=
# define explicit classifications similar to that of snort.
#
#config classification: shortname, short description, priority
# set the directory for any output logging
#
#config logdir: /tmp
# to ensure that any plugins requiring some level of uniqueness in their output
# the alert_with_interface_name, interface and hostname directives are provided.
# An example of usage would be to configure them to the values of the associated
# snort process whose unified files you are reading.
#
# Example:
# For a snort process as follows:
# snort -i eth0 -c /etc/snort.conf
#
# Typical options would be:
# config hostname: thor
# config interface: eth0
# config alert_with_interface_name
#
#config hostname: thor
#config interface: eth0
config hostname: localhost
config interface: eth1
# enable printing of the interface name when alerting.
#
#config alert_with_interface_name
# at times snort will alert on a packet within a stream and dump that stream to
# the unified output. barnyard2 can generate output on each packet of that
# stream or the first packet only.
#
#config alert_on_each_packet_in_stream
# enable daemon mode
#
#config daemon
# make barnyard2 process chroot to directory after initialisation.
#
#config chroot: /var/spool/barnyard2
# specifiy the group or GID for barnyard2 to run as after initialisation.
#
#config set_gid: 999
# specifiy the user or UID for barnyard2 to run as after initialisation.
#
#config set_uid: 999
# specify the directory for the barnyard2 PID file.
#
#config pidpath: /var/run/by2.pid
# enable decoding of the data link (or second level headers).
#
#config decode_data_link
# dump the application data
#
#config dump_payload
# dump the application data as chars only
#
#config dump_chars_only
# enable verbose dumping of payload information in log style output plugins.
#
#config dump_payload_verbose
# enable obfuscation of logged IP addresses.
#
#config obfuscate
# enable the year being shown in timestamps
#
#config show_year
# set the umask for all files created by the barnyard2 process (eg. log files).
#
#config umask: 066
# enable verbose logging
#
#config verbose
# quiet down some of the output
#
#config quiet
# define the full waldo filepath.
#
#config waldo_file: /tmp/waldo
# specificy the maximum length of the MPLS label chain
#
#config max_mpls_labelchain_len: 64
# specify the protocol (ie ipv4, ipv6, ethernet) that is encapsulated by MPLS.
#
#config mpls_payload_type: ipv4
# set the reference network or homenet which is predominantly used by the
# log_ascii plugin.
#
#config reference_net: 192.168.0.0/24
#
# CONTINOUS MODE
#
# set the archive directory for use with continous mode
#
#config archivedir: /tmp
# when in operating in continous mode, only process new records and ignore any
# existing unified files
#
#config process_new_records_only
#
# Step 2: setup the input plugins
#
# this is not hard, only unified2 is supported ;)
input unified2
#
# Step 3: setup the output plugins
#
# alert_cef
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides the abilty to output alert information to a
# remote network host as well as the local host using the open standard
# Common Event Format (CEF).
#
# Arguments: host=hostname[:port], severity facility
# arguments should be comma delimited.
# host - specify a remote hostname or IP with optional port number
# this is only specific to WIN32 (and is not yet fully supported)
# severity - as defined in RFC 3164 (eg. LOG_WARN, LOG_INFO)
# facility - as defined in RFC 3164 (eg. LOG_AUTH, LOG_LOCAL0)
#
# Examples:
# output alert_cef
# output alert_cef: host=192.168.10.1
# output alert_cef: host=sysserver.com:1001
# output alert_cef: LOG_AUTH LOG_INFO
#
# alert_bro
# ----------------------------------------------------------------------------
#
# Purpose: Send alerts to a Bro-IDS instance.
#
# Arguments: hostname:port
#
# Examples:
# output alert_bro: 127.0.0.1:47757
# alert_fast
# ----------------------------------------------------------------------------
# Purpose: Converts data to an approximation of Snort's "fast alert" mode.
#
# Arguments: file <file>, stdout
# arguments should be comma delimited.
# file - specifiy alert file
# stdout - no alert file, just print to screen
#
# Examples:
# output alert_fast
# output alert_fast: stdout
#
output alert_fast: stdout
# prelude: log to the Prelude Hybrid IDS system
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides logging to the Prelude Hybrid IDS system
#
# Arguments: profile=snort-profile
# snort-profile - name of the Prelude profile to use (default is snort).
#
# Snort priority to IDMEF severity mappings:
# high < medium < low < info
#
# These are the default mapped from classification.config:
# info = 4
# low = 3
# medium = 2
# high = anything below medium
#
# Examples:
# output alert_prelude
# output alert_prelude: profile=snort-profile-name
#
# alert_syslog
# ----------------------------------------------------------------------------
#
# Purpose:
# This output module provides the abilty to output alert information to local syslog
#
# severity - as defined in RFC 3164 (eg. LOG_WARN, LOG_INFO)
# facility - as defined in RFC 3164 (eg. LOG_AUTH, LOG_LOCAL0)
#
# Examples:
# output alert_syslog
# output alert_syslog: LOG_AUTH LOG_INFO
#
# syslog_full
#-------------------------------
# Available as both a log and alert output plugin. Used to output data via TCP/UDP or LOCAL ie(syslog())
# Arguments:
# sensor_name $sensor_name - unique sensor name
# server $server - server the device will report to
# local - if defined, ignore all remote information and use syslog() to send message.
# protocol $protocol - protocol device will report over (tcp/udp)
# port $port - destination port device will report to (default: 514)
# delimiters $delimiters - define a character that will delimit message sections ex: "|", will use | as message section delimiters. (default: |)
# separators $separators - define field separator included in each message ex: " " , will use space as field separator. (default: [:space:])
# operation_mode $operaion_mode - default | complete : default mode is compatible with default snort syslog message, complete prints more information such as the raw packet (hexed)
# log_priority $log_priority - used by local option for syslog priority call. (man syslog(3) for supported options) (default: LOG_INFO)
# log_facility $log_facility - used by local option for syslog facility call. (man syslog(3) for supported options) (default: LOG_USER)
# Usage Examples:
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete
# output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514
# output log_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514
# output alert_syslog_full: sensor_name snortIds1-eth2, local
# output log_syslog_full: sensor_name snortIds1-eth2, local, log_priority LOG_CRIT,log_facility LOG_CRON
# log_ascii
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides the default packet logging funtionality
#
# Arguments: None.
#
# Examples:
# output log_ascii
#
# log_tcpdump
# ----------------------------------------------------------------------------
#
# Purpose
# This output module logs packets in binary tcpdump format
#
# Arguments:
# The only argument is the output file name.
#
# Examples:
# output log_tcpdump: tcpdump.log
#
# sguil
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides logging ability for the sguil interface
# See doc/README.sguil
#
# Arguments: agent_port <port>, sensor_name <name>
# arguments should be comma delimited.
# agent_port - explicitly set the sguil agent listening port
# (default: 7736)
# sensor_name - explicitly set the sensor name
# (default: machine hostname)
#
# Examples:
# output sguil
# output sguil: agent_port=7000
# output sguil: sensor_name=argyle
# output sguil: agent_port=7000, sensor_name=argyle
#
# database: log to a variety of databases
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#
output database: alert, mysql, user=aaa password=bbb dbname=snort host=127.0.0.1
# alert_fwsam: allow blocking of IP's through remote services
# ----------------------------------------------------------------------------
# output alert_fwsam: <SnortSam Station>:<port>/<key>
#
# <FW Mgmt Station>: IP address or host name of the host running SnortSam.
# <port>: Port the remote SnortSam service listens on (default 898).
# <key>: Key used for authentication (encryption really)
# of the communication to the remote service.
#
# Examples:
#
# output alert_fwsam: snortsambox/idspassword
# output alert_fwsam: fw1.domain.tld:898/mykey
# output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw
#
#
2012/12/08
今天在寫完新的網路支援頁面之後
進到http://www.google.com/intl/zh-TW/analytics/要註冊使用時
發現使用
https://sites.google.com/site/wangluzhiyuan/
竟然無法註冊
必須再加上home(如下)
https://sites.google.com/site/wangluzhiyuan/home
才能註冊成功
留一下記錄
進到http://www.google.com/intl/zh-TW/analytics/要註冊使用時
發現使用
https://sites.google.com/site/wangluzhiyuan/
竟然無法註冊
必須再加上home(如下)
https://sites.google.com/site/wangluzhiyuan/home
才能註冊成功
留一下記錄
2012/12/05
今天廠商介紹的二套好用的wireless 軟体
http://www.ekahau.com/products/heatmapper/overview.html
http://www.metageek.net/products/inssider/
http://phorum.study-area.org/index.php?topic=60793.0
12/8後記
http://www.metageek.net/docs/wireless-networking-tools/
http://www.meraki.com/products/wireless/wifi-mapper
http://www.netspotapp.com/
http://www.wolfwifi.com/index.html
(AIRMAGNET)
http://www.airmagnet.com
(EKAHAU SITE SURVEY)
http://www.ekahau.com/
(VISIWAVE SITE SURVEY)
http://www.visiwave.com
(MERITECH WIFI NETWORK SURVEY AND DESIGN)
http://www.meritechsolutions.com/
http://www.metageek.net/forums/showthread.php?3412-Top-Wireless-WiFi-Site-Survey-Software
http://www.ekahau.com/products/heatmapper/overview.html
http://www.metageek.net/products/inssider/
http://phorum.study-area.org/index.php?topic=60793.0
12/8後記
http://www.metageek.net/docs/wireless-networking-tools/
http://www.meraki.com/products/wireless/wifi-mapper
http://www.netspotapp.com/
http://www.wolfwifi.com/index.html
(AIRMAGNET)
http://www.airmagnet.com
(EKAHAU SITE SURVEY)
http://www.ekahau.com/
(VISIWAVE SITE SURVEY)
http://www.visiwave.com
(MERITECH WIFI NETWORK SURVEY AND DESIGN)
http://www.meritechsolutions.com/
http://www.metageek.net/forums/showthread.php?3412-Top-Wireless-WiFi-Site-Survey-Software
2012/12/04
MySQL 語法匯整
1. 基礎語法
操作功能 SQL 語法
說明
建立資料庫 create database 資料庫名稱;
列出所有資料庫 show databases;
刪除資料庫 drop database 資料庫名稱;
使用資料庫 use 資料庫名稱;
建立資料表 create table 資料表名稱(
sn integer auto_increment primary key,
name char(20),
mail char(50),
home char(50),
messages char(50)
); 常用資料庫資料型態
1. INT (整數)
2. CHAR (1~255字元字串)
3. VARCHAR (不超過255字元不定長度字串)
4. TEXT (不定長度字串最多65535字元)
列出資料表欄位資訊 describe 資料表名稱;
修改資料表欄位 alter table 資料表名稱
charange column 原來欄位名稱
新欄位名稱資料型態;
新增資料表欄位 alter table 資料表名稱 add column 欄位名稱 資料型態;
刪除資料表欄位 alter table 資料表名稱 drop column 欄位名稱;
刪除資料表 drop 資料表名稱;
插入欄位資料 insert into 資料表名稱(欄位1,欄位2,欄位3,欄位4, ...... 欄位N)
values('值1','值2','值3','值4', ...... '值N');
更新修改欄位資料 update 資料表名稱 set 欄位1='值1',欄位2='值2',欄位3='值3',... 欄位N='值N'
where 條件式 (例如 sn='5' 或 name='塔司尼' );
查詢單一欄位資料 select 欄位名 from 資料表名稱;
查詢多個欄位資料 select 欄位名, 欄位名, 欄位名 from 資料表名稱;
查詢欄位資料的唯一值 select distinct 欄位名 from 資料表名稱; 重複值只列一次
查詢所有欄位資料 select * from 資料表名稱;
條件式查詢 select * from 資料表名稱 where 條件式 (例如 sn='5'); (=, <, >, !=)
條件式查詢 and select * from 資料表名稱 where 條件式1 and 條件式2;
條件式查詢 or select * from 資料表名稱 where 條件式1 or 條件式2;
查詢某一範圍 between select * from 資料表名稱 where 欄位名 between 值1 and 值2 值為數字
查詢空值欄位的資料 select * from 資料表名稱 where 欄位名 is null not null
查詢特定筆數資料 select * from 資料表名稱 limit 8, 10; 第9筆開始選取10筆
查詢結果遞增排序 select * from 資料表名稱 order by 欄位名;
查詢結果遞減排序 select * from 資料表名稱 order by 欄位名 desc ;
查詢比對字串列出單一欄位 select 欄位名 from 資料表名稱 where 欄位名 like '%字串%';
查詢比對字串列出所有欄位 select * from 資料表名稱 where 欄位名 like '%字串%';
刪除條件值資料 delete from 資料表名稱 where 條件式 (例如 sn='5' 或 id='91001' );
刪除條件值資料 delete from 資料表名稱 where 條件式1
and 條件式2;
刪除條件值資料 delete from 資料表名稱 where 條件式1 or 條件式2;
比對刪除條件值資料 delete from 資料表名稱 where 欄位名 like '%字串%';
2. 進階語法
操作功能 SQL 語法
說明
列出正在執行的行程。 show processlist;
轉貼自 http://note.drx.tw/2012/12/mysql-syntax.html
訂閱:
文章 (Atom)