Snort mailing list archives
snort 1.8.6 + OpenBSD 3.2-stable
From: Darren <darren () dazdaz org>
Date: Sun, 8 Dec 2002 17:40:37 +0000
Hello snort-users,

After spending all afternoon on this, I need some tips. I am using OpenBSD 3.2-stable and snort 1.8.6 compiled from ports. I can't get snort to write csv output. Is this a known issue or am I doing something wrong?

/etc/snort.conf

    output alert_syslog: LOG_AUTH LOG_ALERT
    output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport

    -bash-2.05b$ ls -ld /var/log/snort
    drwxr-xr-x 2 snort snort 512 Dec 8 17:31 /var/log/snort
    -bash-2.05b$ ls -l /var/log/snort/snort.log
    -rw-r--r-- 1 snort snort 0 Dec 8 17:31 /var/log/snort/snort.log

I have to launch snort like this so it writes into /var/log/snort/

    # snort -v -u snort -g snort -l /var/log/snort -D

    -bash-2.05b$ ps auxw | grep snort
    snort 21995 31.8 0.0 664 644 ?? Ss 5:38PM 0:14.62 snort -v -u snort -g snort -l /var/log/snort -D

Interestingly, without the -l option it won't write there, but this is less important. I'd like syslog and csv output.

Snort was built like this

    # cd /usr/ports/net/snort
    # make install

    -bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
    #define LOG_AUTH (4<<3) /* security/authorization messages */
    #define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */
    { "auth", LOG_AUTH },
    { "authpriv", LOG_AUTHPRIV },
    { "security", LOG_AUTH }, /* DEPRECATED */
    -bash-2.05b$ grep LOG_ALERT /usr/include/syslog.h
    #define LOG_ALERT 1 /* action must be taken immediately */
    { "alert", LOG_ALERT },

    -bash-2.05b$ snort -V
    -*> Snort! <*-
    Version 1.8.6 (Build 105)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)

--
Best regards,
Darren mailto:darren () dazdaz org