Snort mailing list archives
Re[2]: snort 1.9 + OpenBSD 3.2-stable
From: Darren <darren () dazdaz org>
Date: Mon, 9 Dec 2002 15:21:14 +0000
Hello larc,

I upgraded to snort 1.9 and still adding the following 2 lines. I used ./configure with no options.

/etc/snort.conf
output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: /var/log/alert.csv default
etc

[I have also tried with commenting out alert_syslog]

/etc/snort/classification.config
/etc/snort/*.rules

Nothing goes in any of the /var/log/* files, nor does it log to

-bash-2.05b$ ls -l /var/log/alert.csv
-rw-r--r-- 1 snort snort 0 Dec 9 15:14 /var/log/alert.csv

-bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
Initializing Output Plugins!

I don't think something is broke, but it's the way I'm using it. Anyone got any thoughts?

Darren

Monday, December 9, 2002, 10:56:19 AM, you wrote:

l> Hi,
l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
l> Version 1.8.6 is really old and there are no signatures for it anymore.
l> Stefan D.
l> ------------------------
l> Darren <darren () dazdaz org> wrote:
l> ------------------------
l> Hello snort-users,
After spending all afternoon on this, I need some tips.

I am using OpenBSD 3.2-stable and snort 1.8.6 compiled from ports. I can't get snort to write csv output. Is this a known issue or am I doing something wrong?

/etc/snort.conf
output alert_syslog: LOG_AUTH LOG_ALERT
output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport

-bash-2.05b$ ls -ld /var/log/snort
drwxr-xr-x 2 snort snort 512 Dec 8 17:31 /var/log/snort

-bash-2.05b$ ls -l /var/log/snort/snort.log
-rw-r--r-- 1 snort snort 0 Dec 8 17:31 /var/log/snort/snort.log

I have to launch snort like this so it writes into /var/log/snort/

# snort -v -u snort -g snort -l /var/log/snort -D

-bash-2.05b$ ps auxw | grep snort
snort 21995 31.8 0.0 664 644 ?? Ss 5:38PM 0:14.62 snort -v -u snort -g snort -l /var/log/snort -D

Interestingly, without the -l option it won't write there, but this is less important. I'd like syslog and csv output.

Snort was built like this

# cd /usr/ports/net/snort
# make install

-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
#define LOG_AUTH (4 Snort!