Snort mailing list archives
Snort + OpenBSD3.0 "Easy" Questions
From: Ken Schweigert <ken () byte-productions com>
Date: Wed, 17 Apr 2002 12:34:51 -0400
I just launched my first snort sensor and have a few questions. I wanted to search the archives, but snort.org seems to be having some problems this morning.

Background: I've been running Linux for about 3 years. Feeling brave, I decided to try OpenBSD-3.0 and Snort-1.8.6. OpenBSD is running fine, and Snort is logging alerts inside /var/log/snort.

Q1: Although I have the -s switch specified, none of the alerts get logged to syslog, only to /var/log/snort. Snort was started with:

    /usr/local/bin/snort -d -s -c /etc/snort/snort.conf -A full -D
From my snort.conf file:
    bash-2.05# grep syslog snort.conf
    # alert_syslog: log alerts to syslog
    # Use one or more syslog facilities as arguments
    output alert_syslog: LOG_AUTH LOG_ALERT
    # This example will create a rule type that will log to syslog
    #   output alert_syslog: LOG_AUTH LOG_ALERT

Q2: Will 'kill -s SIGUSR1 <Snort-PID>' produce statistics on OpenBSD? Is this a Linux-specific thing?

    bash-2.05# ps ax
      PID TT  STAT      TIME COMMAND
        1 ??  Is     0:00.01 /sbin/init
    28525 ??  Is     0:00.29 syslogd
    29680 ??  Is     0:00.00 portmap
    23386 ??  Is     0:00.00 inetd
    30898 ??  Is     0:00.01 /usr/sbin/sshd
    16670 ??  Ss     0:00.53 cron
    10538 ??  Ss     0:45.06 /usr/local/bin/snort -d -s -c /etc/snort/snort.conf -A full -D
    15207 ??  S      0:00.12 sshd: ken@ttyp0 (sshd)
    10684 p0  Is     0:00.01 -bash (bash)
    30697 p0  S      0:00.02 -bash (bash)
    14776 p0  R+     0:00.00 ps -ax
      473 C0  Is+    0:00.00 /usr/libexec/getty Pc ttyC0
    10147 C1  Is+    0:00.00 /usr/libexec/getty Pc ttyC1
     7790 C2  Is+    0:00.00 /usr/libexec/getty Pc ttyC2
    14525 C3  Is+    0:00.00 /usr/libexec/getty Pc ttyC3
    29643 C5  Is+    0:00.00 /usr/libexec/getty Pc ttyC5
    bash-2.05# kill -s SIGUSR1 10538
    bash-2.05#

If these are easy ones, then I guess this round's on me. :)

If nothing else, at least I got to introduce myself.

--
-Ken Schweigert, Aspiring Network Administrator
Byte Productions, LLC
http://www.byte-productions.com
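Editor's note on Q1. Snort's `output alert_syslog: LOG_AUTH LOG_ALERT` hands each alert to syslogd tagged with facility `auth` and priority `alert`; where syslogd then writes it is decided entirely by the selectors in /etc/syslog.conf, so the first thing to check is which destinations actually match `auth.alert` on the sensor (on a stock BSD config that is usually an auth-specific log such as /var/log/authlog rather than /var/log/messages). The script below is an added example, not code from the post or from the Snort project: it resolves a facility.priority pair against BSD-style syslog.conf selectors (`*`, `none`, `fac1,fac2.prio`, `=prio`, later selectors overriding earlier ones for the same facility, as syslogd does). The sample config embedded in it is constructed to resemble an OpenBSD default and is not the poster's file; `!`-style comparison flags are deliberately rejected rather than guessed at.

```python
"""Resolve which syslog.conf destinations receive a given facility.priority.

Added example (not from the original post). SAMPLE_SYSLOG_CONF below is a
constructed stand-in for an OpenBSD /etc/syslog.conf.
"""
import re

# Severity order from syslog(3): index 0 is the most severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRIORITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "local0", "local1", "local2",
              "local3", "local4", "local5", "local6", "local7"}


def priority_index(name):
    name = PRIORITY_ALIASES.get(name.lower(), name.lower())
    if name not in PRIORITIES:
        raise ValueError("unknown priority %r" % name)
    return PRIORITIES.index(name)


def snort_syslog_args(facility_const, priority_const):
    """Map the tokens of 'output alert_syslog: LOG_AUTH LOG_ALERT' to the
    names syslog.conf uses: ('auth', 'alert')."""
    def strip_log(tok):
        tok = tok.upper()
        return (tok[4:] if tok.startswith("LOG_") else tok).lower()
    return strip_log(facility_const), strip_log(priority_const)


def parse_rule(selectors):
    """Return {facility: ('ge'|'eq', index)} for one syslog.conf line.
    'ge' means the given level and anything more severe; 'eq' is '=prio'.
    A facility absent from the dict is not matched by this line. Later
    selectors override earlier ones for the same facility, as in syslogd."""
    table = {}
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        if not facs or not prio:
            raise ValueError("bad selector %r" % sel)
        if prio.startswith("!"):
            raise ValueError("'!' comparison flags are not handled: %r" % sel)
        fac_list = FACILITIES if facs == "*" else facs.split(",")
        for fac in fac_list:
            if prio == "none":
                table.pop(fac, None)           # explicitly excluded
            elif prio.startswith("="):
                table[fac] = ("eq", priority_index(prio[1:]))
            elif prio == "*":
                table[fac] = ("ge", priority_index("debug"))
            else:
                table[fac] = ("ge", priority_index(prio))
    return table


def parse_syslog_conf(text):
    """Yield (rule_table, action) per non-comment line; action is the file,
    '@host', user list or '*' that syslogd would deliver to."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\S+)\s+(\S.*)$", line)
        if not m:
            raise ValueError("cannot parse line %r" % raw)
        rules.append((parse_rule(m.group(1)), m.group(2).strip()))
    return rules


def destinations(conf_text, facility, priority):
    """All actions that receive a message logged as facility.priority."""
    idx = priority_index(priority)
    out = []
    for table, action in parse_syslog_conf(conf_text):
        rule = table.get(facility.lower())
        if rule is None:
            continue
        kind, sel_idx = rule
        if (kind == "eq" and idx == sel_idx) or (kind == "ge" and idx <= sel_idx):
            out.append(action)
    return out


# Constructed sample, modelled on an OpenBSD default; not the poster's file.
SAMPLE_SYSLOG_CONF = (
    "# constructed sample syslog.conf\n"
    "*.notice;auth,authpriv.none;kern.debug;mail.crit\t/var/log/messages\n"
    "auth.info\t/var/log/authlog\n"
    "authpriv.debug\t/var/log/secure\n"
    "cron.info\t/var/cron/log\n"
    "*.alert\troot\n"
    "*.emerg\t*\n"
)

if __name__ == "__main__":
    fac, prio = snort_syslog_args("LOG_AUTH", "LOG_ALERT")
    print("%s.%s ->" % (fac, prio), destinations(SAMPLE_SYSLOG_CONF, fac, prio))
```

On the sample config `auth.alert` lands in /var/log/authlog and on root's terminal, and never in /var/log/messages, because the `auth,authpriv.none` selector on the first line drops it there. To check a real sensor, feed it `open("/etc/syslog.conf").read()` instead of the sample, then confirm the path end to end with `logger -p auth.alert "snort syslog test"` and look in the file the script names. If no destination matches at all, syslog is silently discarding the alerts and the fix belongs in syslog.conf, not in snort.conf.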
Current thread:
- Snort + OpenBSD3.0 "Easy" Questions Ken Schweigert (Apr 17)
- Re: Snort + OpenBSD3.0 "Easy" Questions [Solved] Ken Schweigert (Apr 19)