Snort mailing list archives

Re: Snort + OpenBSD3.0 "Easy" Questions [Solved]


From: Ken Schweigert <ken () byte-productions com>
Date: Fri, 19 Apr 2002 10:24:53 -0400

Some followup answers to my own questions.


On Wed, Apr 17, 2002 at 12:34:51PM -0400, Ken Schweigert wrote:
> I just launched my first snort sensor and have a few questions.  I
> wanted to search the archives, but snort.org seems to be having
> some problems this morning.

Other locations for the list archives are at:
  http://sourceforge.net/mailarchive/forum.php?forum_id=3972
  http://www.geocrawler.com/redir-sf.php3?list=snort-users
 
> Background:  I've been running Linux for about 3 years.  Feeling
> brave, I decided to try OpenBSD-3.0 and Snort-1.8.6.  OpenBSD is
> running fine, and Snort is logging alerts inside /var/log/snort.
>
> Q1:   Although I have the -s switch specified, none of the alerts
> get logged to syslog, only to /var/log/snort.  Snort was started with:
>   /usr/local/bin/snort -d -s -c /etc/snort/snort.conf -A full -D

After commenting out alerting to syslog in snort.conf and then giving
snort a SIGHUP, alerts started writing to /var/log/messages.  I guess
it shouldn't be turned on in the command-line and in the snort.conf.
 
> Q2:   Will 'kill -s SIGUSR1 <Snort-PID>' produce statistics on
> OpenBSD?  Is this a Linux-specific thing?

It's not a Linux thing.  Sending SIGUSR1 writes the statistics to
/var/log/messages.
 
> If these are easy ones, then I guess this round's on me.  :)
> If nothing else, at least I got to introduce myself.

Now that I have it functioning, I'm off to try and get some of the
more advanced features working.

Many thanks to Marty and the Snort Team for all their effort to this
project.  And also to the members of this list who make this list an
enjoyable one to follow.

-- 
-Ken Schweigert, Aspiring Network Administrator
Byte Productions, LLC
http://www.byte-productions.com
