Snort mailing list archives

Re: Some Events are not logging to the snort logs


From: "Adam Goldstein" <adam.goldstein () villanova edu>
Date: Wed, 09 Jan 2002 12:21:43 -0500

I am experiencing the same problem.  The Web-IIS ISAPI .ida attempt rule triggers alerts but does not log to the binary 
file.  I am also using the 1.8.3 ruleset (I had the same problem with 1.8.1) and a nearly identical command line but 
without the syslog.
- Adam
adam.goldstein () villanova edu


Date: Tue, 08 Jan 2002 22:58:27 -0500
From: Martin Roesch <roesch () sourcefire com>
To: Josh Lutz <jlutz () ESIENT com>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Some Events are not logging to the snort logs.

An alert should be sent to syslog and the packet should be logged in the
binary log file.  Is this not the case for you?

     -Marty

Josh Lutz wrote:

Okay. I figured out what was going on... I was reading it that the
logging would take place in both the logging directory specified at the
command line and to the syslog (with the -s switch). Apparently this is
not the case.

Well, that's good to know.
Josh


---------------------------------------------
Joshua Lutz
Network Engineer, ESI Enterprises, Inc.
1188 Centre Street
Newton Centre MA 02459
p. 617.527.4343 x107
f. 617.527.3303
e. jlutz () esient com

Date: Tue, 8 Jan 2002 15:21:53 -0500
From: "Josh Lutz" <jlutz () ESIENT com>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Some Events are not logging to the snort logs.

I check /var/log/authlog and I see attempts by the Code Red II worm
testing my perimeter (coming in, not going out.) However, when I look at
the snort logs, I do not see any record of the attempt. As I understand
it, my snort log should capture these attempts and send an alert. As a
new user to Snort, I am uncertain at best, but to aid anyone assisting
me, I am starting snort via the following cmd line:
[path to snort]/snort -i xl1 -d -c [path to snort.conf] -l /home/snort/ext_log -s -b -D

