Snort mailing list archives
Re: Some Events are not logging to the snort logs
From: "Adam Goldstein" <adam.goldstein () villanova edu>
Date: Wed, 09 Jan 2002 12:21:43 -0500
I am experiencing the same problem. The Web-IIS ISAPI .ida attempt rule triggers alerts but does not log to the binary file. I am also using the 1.8.3 ruleset (I had the same problem with 1.8.1) and a nearly identical command line but without the syslog.

- Adam
adam.goldstein () villanova edu

Date: Tue, 08 Jan 2002 22:58:27 -0500
From: Martin Roesch <roesch () sourcefire com>
To: Josh Lutz <jlutz () ESIENT com>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Some Events are not logging to the snort logs.

An alert should be sent to syslog and the packet should be logged in the binary log file. Is this not the case for you?

-Marty

Josh Lutz wrote:

Okay. I figured out what was going on... I was reading it that the logging would take place in both the logging directory specified at the command line and to the syslog (with the -s switch). Apparently this is not the case. Well, that's good to know.

Josh

---------------------------------------------
Joshua Lutz
Network Engineer, ESI Enterprises, Inc.
1188 Centre Street
Newton Centre MA 02459
p. 617.527.4343 x107
f. 617.527.3303
e. jlutz () esient com

Date: Tue, 8 Jan 2002 15:21:53 -0500
From: "Josh Lutz" <jlutz () ESIENT com>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Some Events are not logging to the snort logs.

I check /var/log/authlog and I see attempts by the Code Red II worm testing my perimeter (coming in, not going out.) However, when I look at the snort logs, I do not see any record of the attempt. As I understand it, my snort log should capture these attempts and send an alert. As a new user to Snort, I am uncertain at best, but to aid anyone assisting me, I am starting snort via the following cmd line:

[path to snort]/snort -i xl1 -d -c [path to snort.conf] -l /home/snort/ext_log -s -b -D