Snort mailing list archives
RE: FW: snort & logging
From: Sven Olensky <sol () intelispan net>
Date: Wed, 13 Jun 2001 19:50:39 -0400
I actually did, thanks for the hint, but it's not working still.

ps auxww:

    /usr/local/snort/snort -dvs -c /usr/local/snort/etc/snort.conf -A fast -i eth0 -l /usr/local/snort/log/

snort.conf:

    [..snip..]
    preprocessor defrag
    preprocessor http_decode: 80 8080
    preprocessor portscan: $INTERNAL 4 3 /usr/local/snort/log/portscan.log
    preprocessor portscan-ignorehosts: $DNS_SERVERS
    [..snip..]
    include /usr/local/snort/etc/snort.rules

snort.rules being the concatenation of all the rules files.

syslog: e.g.

    Jun 13 19:26:19 XXX snort[2683]: IDS255/ddos-shaft-handler-to-agent: 192.168.74.50:1024 -> 192.168.74.41:187

but this never gets written into an "alert" file. However, directories with the source / attacker IP address are created, the info stored in a file in that ip-address/ directory. Just the alert file is missing.

Hence, please advise. rwx permissions are cool, too, btw.

-----Original Message-----
From: Brian Caswell [mailto:bmc () mitre org]
Sent: Wednesday, June 13, 2001 5:19 PM
To: Sven Olensky
Cc: snort-users () lists sourceforge net
Subject: Re: FW: [Snort-users] snort & logging

Sven Olensky wrote:
> please advise.

Please read README.

--
Brian Caswell
The MITRE Corporation

Current thread:
- snort & logging Sven Olensky (Jun 11)
- Re: snort & logging John Sage (Jun 11)
- <Possible follow-ups>
- RE: snort & logging Sven Olensky (Jun 11)
- FW: snort & logging Sven Olensky (Jun 13)
- Re: FW: snort & logging Brian Caswell (Jun 13)
- RE: FW: snort & logging Sven Olensky (Jun 13)