Snort mailing list archives
Re: Re[2]: snort 1.9 + OpenBSD 3.2-stable
From: twig les <twigles () yahoo com>
Date: Mon, 9 Dec 2002 10:07:21 -0800 (PST)
Did you chown snort:snort /var/log/snort? --- Darren <darren () dazdaz org> wrote:
Hello larc, I upgraded to snort 1.9 and still adding the following 2 lines. I used ./configure with no options. /etc/snort.conf output alert_syslog: LOG_AUTH LOG_ALERT output CSV: /var/log/alert.csv default etc [I have also tried with commenting out alert_syslog] /etc/snort/classification.config /etc/snort/*.rules Nothing goes in any of the /var/log/* files, nor does it log to -bash-2.05b$ ls -l /var/log/alert.csv -rw-r--r-- 1 snort snort 0 Dec 9 15:14 /var/log/alert.csv -bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D Initializing Output Plugins! I don't think something is broke, but it's the way i'm using it. Anyone got any thoughts? Darren Monday, December 9, 2002, 10:56:19 AM, you wrote: l> Hi, l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9 l> Version 1.8.6 is really old and there are no signatures for it anymore. l> Stefan D. l> ------------------------ l> Darren <darren () dazdaz org> wrote: l> ------------------------ l> Hello snort-users,After spending all afternoon on this, I need sometips.I am using OpenBSD 3.2-stable and snort 1.8.6compiles from ports.I can't get snort to write csv output. Is this aknown issue oram I doing something wrong? /etc/snort.conf output alert_syslog: LOG_AUTH LOG_ALERT output csv: /var/log/snort/snort.logmsg,proto,timestamp,src,srcport,dst,dstport-bash-2.05b$ ls -ld /var/log/snort drwxr-xr-x 2 snort snort 512 Dec 8 17:31/var/log/snort-bash-2.05b$ ls -l /var/log/snort/snort.log -rw-r--r-- 1 snort snort 0 Dec 8 17:31/var/log/snort/snort.logI have to launch snort like this so it writes into/var/log/snort/# snort -v -u snort -g snort -l /var/log/snort -D -bash-2.05b$ ps auxw | grep snort snort 21995 31.8 0.0 664 644 ?? Ss5:38PM 0:14.62 snort -v -u snort -g snort -l /var/log/snort -DInterestingly without the -l option it won't writethere, but thisis less important. I'd like syslog and csv output. Snort was build like this # cd /usr/ports/net/snort # make install -bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h #define LOG_AUTH (4 Snort!
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users ===== ----------------------------------------------------------- If you give a man a fish, he can eat for a day If you bludgeon him to death, you can eat the fish yourself ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re[2]: snort 1.9 + OpenBSD 3.2-stable Darren (Dec 09)
- Re: Re[2]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- <Possible follow-ups>
- Re: Re[4]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- Re[6]: snort 1.9 + OpenBSD 3.2-stable Darren (Dec 09)