Snort mailing list archives

Re: Snort-users digest, Vol 1 #5395 - 2 msgs


From: sarma nmrk <nmrksharma () gmail com>
Date: Thu, 24 Nov 2005 13:29:45 +0530

Dear all,

I am using Snort 2.4.3 and alerts are logged in /var/log/snort/alert. I commented this line in snort.conf

#output alert_syslog: LOG_AUTH LOG_ALERT

Using swatch I am trying to generate real-time alerts, but I am not able
to get the complete alert in the mail.

It is just searching for the keyword and sending me a mail with that line only.

ICMP TTL:32 TOS:0x0 ID:51019 IpLen:20 DgmLen:60.

I uncommented the line in snort.conf

output alert_syslog: LOG_AUTH LOG_ALERT

All my snort alerts are logged to /var/log/messages.

Then I am getting complete real-time alerts.

nov 24 12:54:13 hcs-monitor snort[6495]: [1:466:5] ICMP L3retriever Ping
[Classification: Attempted Information Leak] [Priority: 2]: {ICMP}
172.16.131.227 -> 172.20.1.4

Can anyone please let me know if I can use Snort to log alerts in both
files

/var/log/messages and /var/log/snort/alert.

I am unable to generate the historic reports, like a one-month report, using the
/var/log/messages file.

It is giving me the error

No correct logs found

Can anyone help me in this regard?
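One way to turn the alert_syslog lines shown above into structured fields for per-signature reporting. This is an added example, not code from the original post, Snort or swatch; the regex follows the line shape in the post and assumes IPv4 addresses and an optional Classification field, and the sample lines are constructed.

```python
import re
from collections import Counter

# Shape of one alert_syslog line as shown in the post (IPv4 only; the
# Classification field is optional because rules without a classtype omit it).
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+snort\[(?P<pid>\d+)\]:\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?\s+\[Priority:\s+(?P<pri>\d+)\]:?\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def _split_endpoint(ep):
    """'172.16.131.227' -> ('172.16.131.227', None); '10.0.0.5:445' -> ('10.0.0.5', 445)."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep else (ep, None)

def parse_alert(line):
    """Return a dict of fields for one Snort syslog alert line, or None if it is not one."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["src_ip"], d["src_port"] = _split_endpoint(d.pop("src"))
    d["dst_ip"], d["dst_port"] = _split_endpoint(d.pop("dst"))
    d["sid"], d["pri"] = int(d["sid"]), int(d["pri"])
    return d

def count_by_signature(lines):
    """Tally alerts per (sid, message) over a syslog file, ignoring non-Snort lines."""
    counts = Counter()
    for a in map(parse_alert, lines):
        if a:
            counts[(a["sid"], a["msg"])] += 1
    return counts

# Constructed sample: the line from the post, a TCP alert without a
# Classification field, and an unrelated syslog line that must be ignored.
SAMPLE = [
    "Nov 24 12:54:13 hcs-monitor snort[6495]: [1:466:5] ICMP L3retriever Ping "
    "[Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 172.16.131.227 -> 172.20.1.4",
    "Nov 24 12:56:40 hcs-monitor snort[6495]: [1:1000001:1] LOCAL test rule "
    "[Priority: 3]: {TCP} 10.0.0.5:40000 -> 10.0.0.9:445",
    "Nov 24 12:57:00 hcs-monitor sshd[1234]: Accepted password for root from 10.0.0.1",
]

if __name__ == "__main__":
    for (sid, msg), n in count_by_signature(SAMPLE).most_common():
        print(f"{n:5d}  sid {sid}  {msg}")
```

The file-based /var/log/snort/alert output needs a different parser, since that full-alert format spans several lines per event, which is also why a line-matching tool like swatch only mails one line of it.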
