Re: snort 2.0.0 logging problem?

[Erek Adams <erek () snort org>]

On Thu, 19 Jun 2003, sb ch wrote:

> When I see my snort log file, I found that the logging is not work well
> always like below.
> Same lines are logged again like below.
> Surely some messgaes are logged well but some aren't.
>
> What's the proble mand how can I solve this problem?
>
> [**] [1:2049:1] MS-SQL ping attempt [**]
> [Classification: Misc activity] [Priority: 3]
> [**] [1:2049:1] MS-SQL ping attempt [**]
> [Classification: Misc activity] [Priority: 3]
> 06/18-18:43:44.248450 211.xx.xx.xx:3314 -> 255.255.255.255:1434
> UDP TTL:128 TOS:0x0 ID:40608 IpLen:20 DgmLen:29
> Len: 1
> [Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]
> 06/18-18:43:44.248450 211.xx.xx.xx:3314 -> 255.255.255.255:1434
>
> UDP TTL:126 TOS:0x0 ID:40608 IpLen:20 DgmLen:29
> Len: 1
> [Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]

What info are you expecting?  That's the info from an 'full alert' file.

That's perfectly normal...  Now if you're expecting the entire packet
dump, you'll need to log to a pcap, unified, or a DB.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users