Snort mailing list archives
Re: IP Address subdirectories
From: Joe McAlerney <joey () SiliconDefense com>
Date: Mon, 03 Dec 2001 13:15:19 -0800
Well, your syntax is correct. There doesn't seem to be anything in your command line options that would indicate alert_full is being overridden. If your user was non-root, it may be that they don't have write access to /var/log/snort. I don't think the group affects this.

I would try the following for testing purposes.

1) Remove the -m option
2) Try placing the output alert_full: after the database plugin configuration.

Post back if you find anything out.

-Joe M.

--
Joe McAlerney
Software Developer / Security Consultant
joey () SiliconDefense com
Silicon Defense: IDS Solutions -=- http://www.silicondefense.com/

Phil Lyons wrote:
Hi,

Thank you for the response. I have modified my snort.conf file by adding:

output alert_full: /var/log/snort/alert

as the first output plugin. This is my attempt to get normal IP based directory format by looking at the other output directives. Did I understand this correctly?

After adding this to my snort.conf file, the logging output has not changed. i.e., no IP directories are being created.

Thanks again,
Phil

-----cut
I see no subdirectories under /var/log/snort for IP addresses.
[...]
var HOME_NET any
output database: log, mysql, user=snort password=xxxxxxxx dbname=snort host=xx.x.x.x

You are using database logging so you are not doing the normal ip based directory format. You can do that as well ( look at the other output: ) directives in the snort.conf
--
Chris Green
----->cut

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users