Snort mailing list archives
Re: No tcpdump or alert logging
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 17 Apr 2012 12:14:24 -0400
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users

On Apr 17, 2012, at 5:22 AM, Jim <greenja9 () cableone net> wrote:
please take me off of the mailing list for now?

From: Christian Gebler [mailto:geblerc () googlemail com]
Sent: Tuesday, April 17, 2012 3:46 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] No tcpdump or alert logging

Hello,

I am trying to set up Snort v2.9.2 on Ubuntu Server 10.04 LTS. I used the documents from the Snort website for that, and followed them through the whole Snort, Snort rules, DAQ and libdnet installation. Now Snort works fine without any errors, and in verbose mode I can see that Snort takes a look at my LAN. It also said "it's all good" if I run it with the command-line option "-T". But I also want to log the tcpdumps and alerts; I use syslog and pcap for that in the snort.conf:

    # syslog
    output alert_syslog: LOG_AUTH LOG_INFO

    # pcap
    output log_tcpdump: tcpdump.log

If I start Snort with the following options:

    /usr/local/snort/bin/snort -u snort -g snort -d -l /var/log/snort -c /usr/local/snort/etc/snort.conf -i eth0

Snort creates the file "tcpdump.log.1334228358", but that's it. No logging into this file; it is just a 0 KB file. On my system is an older version of Snort from the Ubuntu apt-get package system; if I use this version, it works fine with logging and so on... But it is the 2.8 version of Snort and I won't use it.

Here is my Snort terminal output: http://paste.kde.org/458414/

Thanks for your help!

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
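As an added diagnostic example (not from the thread or from the Snort project), a small Python check for the file Snort's log_tcpdump output plugin creates: it separates the 0 KB case described in the post from a file that holds only the 24-byte pcap global header, and otherwise counts complete packet records and flags truncation. The sample byte strings are constructed inline; the epoch 1334228358 is taken from the filename in the post, and the nanosecond-resolution pcap variant is not handled.

```python
import struct

# Constructed sample file contents (not from the original post).
EMPTY_FILE = b""  # the 0 KB tcpdump.log.<epoch> described in the post

# 24-byte pcap global header: magic, version 2.4, thiszone 0, sigfigs 0,
# snaplen 65535, linktype 1 (Ethernet); no packet records follow it.
HEADER_ONLY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def _record(ts_sec, payload):
    """16-byte pcap record header (ts_sec, ts_usec, incl_len, orig_len) plus data."""
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload

# Two zero-filled frames stamped with the epoch from the filename in the post.
WITH_PACKETS = HEADER_ONLY + _record(1334228358, b"\x00" * 60) + _record(1334228359, b"\x00" * 74)

def inspect_pcap(data):
    """Classify a pcap file body: empty, truncated-header, not-pcap, header-only,
    truncated-record or ok; 'packets' counts complete records."""
    if not data:
        return {"status": "empty", "packets": 0}
    if len(data) < 24:
        return {"status": "truncated-header", "packets": 0}
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:      # file written little-endian
        end = "<"
    elif magic == 0xD4C3B2A1:    # same magic seen byte-swapped: big-endian file
        end = ">"
    else:
        return {"status": "not-pcap", "packets": 0}
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    info = {"version": f"{vmaj}.{vmin}", "snaplen": snaplen, "linktype": linktype}
    offset, count = 24, 0
    while offset + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[offset:offset + 16])[2]
        if incl_len > snaplen or offset + 16 + incl_len > len(data):
            return dict(info, status="truncated-record", packets=count)
        offset += 16 + incl_len
        count += 1
    if offset != len(data):  # stray tail shorter than a record header
        return dict(info, status="truncated-record", packets=count)
    return dict(info, status="header-only" if count == 0 else "ok", packets=count)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. /var/log/snort/tcpdump.log.1334228358
        with open(path, "rb") as fh:
            print(path, inspect_pcap(fh.read()))
```

Run it against the rotated tcpdump.log.* files in the -l directory; a "header-only" result means the plugin opened the file but no packet was ever written to it, which is a different condition from the 0-byte "empty" case.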
Current thread:
- No tcpdump or alert logging Christian Gebler (Apr 17)
- Re: No tcpdump or alert logging Jim (Apr 17)
- Re: No tcpdump or alert logging Joel Esler (Apr 17)
- Re: No tcpdump or alert logging Jim (Apr 17)