Snort mailing list archives
Re: Snort-users digest, Vol 1 #5395 - 2 msgs
From: sarma nmrk <nmrksharma () gmail com>
Date: Thu, 24 Nov 2005 13:29:45 +0530
Dear all,

I am using Snort 2.4.3 and alerts are logged in /var/log/snort/alert. I commented out this line in snort.conf:

#output alert_syslog: LOG_AUTH LOG_ALERT

Using swatch I am trying to generate real-time alerts, but I am not able to get the complete alert in the mail. It is just searching for the keyword and sending me a mail of that line only:

ICMP TTL:32 TOS:0x0 ID:51019 IpLen:20 DgmLen:60

I uncommented the line in snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT

Now all my Snort alerts are logged to /var/log/messages, and then I am getting complete real-time alerts:

nov 24 12:54:13 hcs-monitor snort[6495]: [1:466:5] ICMP L3retriever Ping [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 172.16.131.227 -> 172.20.1.4

Can anyone please let me know if I can use Snort to log alerts in both files, /var/log/messages and /var/log/snort/alert?

I am unable to generate historic reports, like a one-month report, using the /var/log/messages file. It is giving me the error "No correct logs found". Can anyone help me in this regard?
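On the "both files" question: Snort 2.x accepts more than one output plugin in snort.conf, so the syslog line and the multi-line alert file can be produced at the same time. The fragment below is an added example, not text from the original post; it assumes Snort is started with its log directory set to /var/log/snort (the alert_full plugin writes its file under that directory, so "alert" here lands at /var/log/snort/alert).

```conf
# Added example (not from the original post): two output plugins active together.

# One single-line record per alert to syslog (LOG_AUTH facility, as in the post);
# with a default syslog setup these arrive in /var/log/messages.
output alert_syslog: LOG_AUTH LOG_ALERT

# One multi-line full-format record per alert to <logdir>/alert.
# <logdir> is assumed to be /var/log/snort (snort -l /var/log/snort).
output alert_full: alert
```

Keeping both means the report tooling can continue reading the full-format file while swatch watches the one-line syslog records, which is the format that already gave the complete alert in the post.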
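The swatch problem in the post comes from the full-format alert file being multi-line: one alert is a block of several lines ending at a blank line, and a line-oriented watcher only reports the single line that matched the keyword. The script below is an added example, not code from the post or from the Snort project. It splits alert_full text into records on blank lines first, then matches the keyword against the whole record, so the caller gets the complete alert. The sample file content is constructed here in the alert_full layout (addresses and the signature from the post; the second record is a labelled placeholder).

```python
"""Group Snort alert_full records so a keyword match returns the whole alert.

Added example (not from the mailing-list post). Snort's full-format alert file
writes one multi-line record per alert, records separated by a blank line.
"""
import re

# Constructed sample in the alert_full layout; not a real capture.
SAMPLE_ALERT_FILE = """\
[**] [1:466:5] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/24-12:54:13.123456 172.16.131.227 -> 172.20.1.4
ICMP TTL:32 TOS:0x0 ID:51019 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:0  ECHO

[**] [1:2000:1] PLACEHOLDER example signature [**]
[Classification: Misc activity] [Priority: 3]
11/24-12:55:01.000001 172.16.131.227 -> 172.20.1.4
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:40
"""

# First line of every record: [**] [gid:sid:rev] message [**]
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
# Address line: timestamp src -> dst (ports, if any, stay attached to the address)
ADDR_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")


def split_records(text):
    """Split alert_full text into lists of lines, one list per alert."""
    records, current = [], []
    for line in text.splitlines():
        if line.strip() == "":
            if current:
                records.append(current)
                current = []
        else:
            current.append(line)
    if current:
        records.append(current)
    return records


def parse_record(lines):
    """Turn one record into a dict; returns None if the header is not alert_full."""
    m = HEADER_RE.match(lines[0])
    if not m:
        return None
    rec = {
        "gid": int(m.group(1)),
        "sid": int(m.group(2)),
        "rev": int(m.group(3)),
        "msg": m.group(4),
        "raw": "\n".join(lines),  # the complete alert, what swatch did not send
    }
    for line in lines[1:]:
        addr = ADDR_RE.match(line)
        if addr:
            rec["timestamp"], rec["src"], rec["dst"] = addr.groups()
        pri = PRIORITY_RE.search(line)
        if pri:
            rec["priority"] = int(pri.group(1))
    return rec


def matching_alerts(text, keyword):
    """Return every parsed record whose full text contains keyword."""
    hits = []
    for lines in split_records(text):
        rec = parse_record(lines)
        if rec is not None and keyword in rec["raw"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    # Same keyword as in the post; the whole record comes back, not one line.
    for alert in matching_alerts(SAMPLE_ALERT_FILE, "ICMP TTL:32"):
        print(alert["raw"])
        print("---", alert["src"], "->", alert["dst"], "priority", alert["priority"])
```

Reading the file with record-level grouping is also what a periodic report needs: counting by sid, source or priority works on the parsed dicts rather than on single matched lines.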