Re: Fw: snort not reporting

[Allan Jensen <tubajensen () yahoo com>]

Ben,

I tried this command:

sudo snort  -bi ppp0  -c /etc/snort/snort.conf

(-b         Log packets in tcpdump format)

The -A option just sets the alert mode (That's not
what I want - is it?)
Using the -b option I find a file in /var/log/snort
named:

-rw-------  1 root  wheel  0 14 Dec 11:35
snort.log.1103020543

As you can see it's size is 0. It also disappears when
I quit snort.

Allan.


--- Ben van der Merwe <benm () pasco co za> wrote:

> Allan,
>
> I experienced the same problem when I first tried
> snort (with rules),
> but my project only focused on binary logging so I
> did not get the
> opportunity to fix it. That may be a good idea - try
> out the binary
> logging (I think there is a '-A' option then) and
> make sure that the
> traffic is logged to a binary file. You can then
> inspect the traffic
> with tools like 'ethereal', 'etherape' and
> 'tcpdump'. At least you can
> narrow down the problem area in this way.


                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users