Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

Figure 9-21 View Log File Page
To specify the types of events to be recorded in the FireScreen log file, access the Configure
FireScreen menu and choose Set Options. See Section 9.2.2.1: Setting Command-Line Options
for more information.
9.2.4.3 Viewing FireScreen Statistics
FireScreen invokes the /usr/sbin/screenstat command to display statistics for IP packet
handling.
To view FireScreen statistics, choose View Statistics from the View FireScreen Status menu.
The statistics are displayed (Figure 9-22).
Figure 9-22 View Statistics Page
9.3 Snort Intrusion Detection System
Snort is an intrusion detection system that enables you to log packets and track network
activity on IP networks. Snort files are installed in the following directories:
Subset     Contents                                     Directory
IAESNORT   Snort executable, Snort configuration file   /usr/internet/security
IAESNORT   Snort documentation                          /usr/internet/docs/snort
On Tru64 UNIX, Snort runs in two of its modes: sniffer and packet logger. The third mode,
network intrusion detection, currently does not work on Tru64 UNIX. In sniffer mode, Snort
continually reads packets from the network and displays them on the console. In packet
logger mode, it writes the packets to a log file on disk.
Sniffer Mode — display TCP/IP packet headers
./snort -v (show IP and TCP/UDP/ICMP headers)
./snort -vd (include packet data)