Snort mailing list archives

Re: snort 8.2 with snort2html


From: "Rick Updegrove" <rickupdegrove () hotmail com>
Date: Wed, 5 Dec 2001 12:19:45 -0800

Ok,

I found out that the logs are going to /var/log/authlog rather than
/var/log/secure for some reason with -s, so I specified it in snort.conf
with:

output alert_syslog: LOG_AUTHPRIV

and removed the -s from the startup line.


----- Original Message -----
From: "Rick Updegrove" <rickupdegrove () hotmail com>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, December 05, 2001 10:29 AM
Subject: [Snort-users] snort 8.2 with snort2html


Hello,

I have been successfully using snort 1.7 for a while with snort2html 1.6.

I do not have access to my previous configurations at this time but to the
best of my recollection, I am doing what I normally do.  My main problem
that I can see is that snort is not logging to "/var/log/secure" like it
needs to do in order to use snort2html.

According to man snort the -s option should do this.  So I use the
following to start snort:

/usr/local/bin/snort -s -Afull -c /usr/local/share/examples/snort/snort.conf

Yet nothing gets logged to "/var/log/secure" thus snort2html doesn't
create anything other than an "empty" page.

I do see the alerts on the screen however, for example:

Dec  5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
Dec  5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
Dec  5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
Dec  5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11
Dec  5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11
Dec  5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11

etc.

What am I overlooking?

Thanks,


Rick Up

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
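
Added example (not part of the original messages and not snort2html's code): a small Python parser for the alert_syslog line format quoted in the message above, which re-joins records that a mail client or pager has hard-wrapped and skips non-Snort lines sharing the same log file. The regular expression is inferred only from the sample lines and assumes each alert carries Classification and Priority fields; the function names and the sshd line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above; the second record is
# hard-wrapped and the sshd line is an unrelated entry in the same file.
SAMPLE = """\
Dec  5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
Dec  5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply
[Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 ->
64.166.46.11
Dec  5 10:23:48 cerberus sshd[211]: unrelated authpriv message
Dec  5 10:23:49 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ALERT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"snort\[(?P<pid>\d+)\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) \[Classification: (?P<cls>[^\]]+)\] "
    r"\[Priority: (?P<prio>\d+)\]: \{(?P<proto>[^}]+)\} "
    r"(?P<src>\S+) -> (?P<dst>\S+)$"
)

def records(text):
    """Yield one string per syslog entry, re-joining wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        if STAMP.match(line):          # a new entry starts with a timestamp
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def parse_alerts(text):
    """Return one dict per Snort alert; other syslog entries are skipped."""
    matches = (ALERT.match(rec) for rec in records(text))
    return [m.groupdict() for m in matches if m]

def summarize(alerts):
    """Count alerts per (sid, message, source, destination)."""
    return Counter((a["sid"], a["msg"], a["src"], a["dst"]) for a in alerts)

if __name__ == "__main__":
    for key, count in summarize(parse_alerts(SAMPLE)).items():
        print(count, *key)
```

Pointing `parse_alerts` at whichever file syslog actually writes the alerts to shows quickly whether Snort's output is arriving there at all.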

