Snort mailing list archives
Very Limited Logging
From: Brian Swan <steelysama () gmail com>
Date: Wed, 26 Sep 2012 13:55:42 -0500
Hi all,

I am having a strange problem with Snort. I recently installed it along with Barnyard2 on a CentOS 6.3 64-bit machine. They both seemingly run fine, but it looks like Snort is not committing very much at all to the log files. All of the log files (I am using the unified2 type) are very small, some of them empty, and Barnyard is registering only a single signature repeatedly and at sparse intervals:

    09/26-07:34:15.475267 [**] [1:23493:1] BOTNET-CNC Trojan.ZeroAccess outbound communication [**] [Classification: A Network Trojan was Detected] [Priority: 1] {UDP} 77.8.197.82:57155 -> ***edited out***

The target IP is not from my machine, it is just on the same subnet. I have tried adjusting all kinds of settings and nothing seems to make a difference. The logging remains extremely sparse and seems confined to only this one signature.

Snort v. 2.9.3.1
Barnyard2 v. 2.1.9

I will post output that might help.

Thank you,
Steely