Snort mailing list archives
log display problem?
From: "Cedric Raguenaud" <c.raguenaud () dcs napier ac uk>
Date: Thu, 20 Dec 2001 13:41:20 -0000
Hello, I hopw this not a dummy question and I didn't spot in the list archive. I noticed something recently in my snort logs: some of the packets that are recorded are not displayed when I list them with options vdr. These packets are HTTP packets that contain the IIS .ida exploit. I know that they are logged because I see them in the content of the binary log file and in the snort.alert file, but when I display the binary log file through snort, they are not displayed and they are listed as "other" protocol. Here is how I log: output alert_syslog: LOG_AUTH LOG_ALERT output alert_full: /var/log/snort.alert output log_tcpdump: snort.log Is there a known issue here or am I doing something wrong? Any help would be appreciated. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- log display problem? Cedric Raguenaud (Dec 20)