Snort mailing list archives

Help with logging structure


From: "Gerardo Gregory" <ggregory () affinitas net>
Date: Mon, 6 Aug 2001 08:00:06 -0500

I am starting to play with snort, evaluating it to see if it can play a role in
our security structure.  So bear with me if this seems repetitive.

I installed the RPM package of snort, it created a directory in /etc/ called
snort and dumped everything there, then in /var/log/ it also went and
created a directory called snort, finally a file called portscan.log was
dumped in /

Is this normal?

Also, how do I modify which file to send logs to? I have tried using some of
the plug-ins but it seems not to work when I enter values such as
/var/log/snort/portscan.log (attempting to move the portscan.log under
/var/log/snort/ and away from /)

Example: running snort without any variables logs to /var/log/snort/alert
if I start snort with a variable -s (it's supposed to go to syslog) it
doesn't log anything anywhere...

/var/log/secure is empty, /var/log/messages only has ICMP echo / echo-reply
[and I think that is the system logging, not snort]

Any pointers or help will be appreciated.

Thanks,

GG

