Snort mailing list archives
Re: Daily mail notification don't work anymore
From: Sam Przyswa <samp () arial-concept com>
Date: Tue, 28 Dec 2004 08:40:38 +0100
On Mon 27/12/2004 at 08:15, ViSolve Snort Support wrote:

> Hello, Your cronjob is (presumably) written to read alerts from /var/log/snort. When Snort configuration logging is enabled for "unified" log and alert, it will log details and alerts to snort.alert.xxxxxxx and snort.log.xxxxxxx. This is the Snort unified binary format for alerting and logging. It is not ASCII-readable, but rather requires tools like barnyard.

The only way for me to log in ASCII format to the /var/log/snort/alert log file is to add the "-A full" option to snort.common.parameters, but then IT STOPS LOGGING TO MySQL!

> In order to get your cron job to work as you want, you will need to edit the Snort configuration file, as shown, to send alerts and logs to the /var/log/snort/alert file, so that cron will look at /var/log/snort/alert.

Yes, my Snort daily cron works now, but no more alerts in MySQL!!!

> Comment out the following two lines:
> "output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128"

I did that too.

> Now restart Snort. Alerts will now get logged to the default /var/log/snort/alert file, and your /etc/cron.daily should work as desired.

Yes, but how do I make MySQL log alerts too? Is there a way in snort.conf to write the ASCII log to /var/log/snort/alert, to avoid the "-A full" in the start command line, and make Snort able to log alerts to MySQL too?

Sam.
----- Original Message -----
From: "Sam Przyswa" <samp () arial-concept com>
To: <snort-users () lists sourceforge net>
Sent: Friday, December 24, 2004 6:20 AM
Subject: [Snort-users] Daily mail notification don't work anymore

Hi,

Since my last Snort upgrade to v2.2.0 the script 5snort in /etc/cron.daily doesn't work anymore; the logfile /var/log/snort/alert stays empty, but I got files snort.alert.xxxxxxxxxxx and snort.log.xxxxxxxx

How do I make it work as before?

Thanks in advance.

Sam.

--
Sam Przyswa - Project Manager
Arial Concept - Internet Integrator
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Web: http://www.arial-concept.com - Email: Info () arial-concept com
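A check for the situation discussed in this thread, as an added example that is not part of any message above: it reads the text of a snort.conf, lists the uncommented `output` directives, and reports whether alerts are explicitly sent to the ASCII alert file, the unified binary files, or a database. The two sample configurations are constructed; the `database` line's user, dbname and host values and the `alert` filename given to `alert_full` are placeholders, and the second sample shows the `alert_full` and `database` output plugins configured side by side in snort.conf.

```python
import re

# Snort 2.x output plugins grouped by where alerts end up.
ASCII_ALERT = {"alert_fast", "alert_full"}    # plain-text alert file
UNIFIED = {"alert_unified", "log_unified"}    # binary, read by barnyard

OUTPUT_RE = re.compile(r"^output\s+(\w+)\s*(?::\s*(.*))?$")


def active_outputs(conf_text):
    """Return (plugin, args) for each uncommented 'output' directive."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1), (m.group(2) or "").strip()))
    return found


def summarize(conf_text):
    """Report which alert destinations the config explicitly enables."""
    plugins = {name for name, _ in active_outputs(conf_text)}
    return {
        "ascii_alert_file": bool(plugins & ASCII_ALERT),
        "unified_binary": bool(plugins & UNIFIED),
        "database": "database" in plugins,
    }


# Constructed sample: the two unified lines quoted in the thread plus an
# assumed MySQL output line (credentials are placeholders).
UNIFIED_CONF = """\
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
output database: log, mysql, user=snort dbname=snort host=localhost
"""

# Constructed sample: unified lines commented out, ASCII alert file and
# MySQL both enabled from snort.conf.
ASCII_AND_DB_CONF = """\
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
output alert_full: alert
output database: log, mysql, user=snort dbname=snort host=localhost
"""

if __name__ == "__main__":
    for name, conf in (("unified", UNIFIED_CONF), ("ascii+db", ASCII_AND_DB_CONF)):
        print(name, summarize(conf))
```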