Snort mailing list archives
Re: Sensitive Data Preprocessor: logging single matches
From: Erik Johnson <ejohnson () vailsys com>
Date: Wed, 9 Mar 2011 12:29:15 -0600
On Tue, Mar 01, 2011 at 05:45:47PM -0500, Victor Roemer wrote:
Ah, I missed that, sorry. Anyways, per my testing everything seems hunky-dory which leads me to believe that the issues you are currently experiencing are extraneous to the sensitive data preprocessor.
So, I found the problem. It was with my alert_syslog line: I had

    # syslog
    output alert_syslog: LOG_ERR

According to the snort manual, alert_syslog should have the following syntax:

    alert_syslog: \
        <facility> <priority> <options>

After changing the alert_syslog line to the following, alerts are being successfully logged.

    # syslog
    output alert_syslog: LOG_AUTH LOG_ERR

Now, another problem has arisen. Since enabling the sensitive data preprocessor, I'm not getting anything logged to the tcpdump log. Here's my log_tcpdump line:

    # pcap
    output log_tcpdump: tcpdump.log

I'm running snort as a daemon in CentOS, and the init script gets some of its config options from /etc/sysconfig/snort, so I'll check both that and the init script to see what's not working. Running ps shows no -r option like you included in your manual snort run, so tcpdump logging is definitely not being turned on.

--
Erik Johnson
System Administrator
Vail Systems
e: ejohnson () vailsys com
p: 866-254-7699
http://www.vailsys.com
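A check for the configuration issue described in the message above, added here as an example and not part of the original post or of Snort itself: it compares each active alert_syslog line against the <facility> <priority> <options> syntax quoted from the manual and reports whether a log_tcpdump output is enabled. The function names and the sample configuration are constructed for illustration; the keyword sets are assumed to match the alert_syslog keywords listed in the Snort 2.x manual.

```python
import re

# Keyword sets assumed from the alert_syslog section of the Snort 2.x manual.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{n}" for n in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

def active_outputs(conf_text):
    """Return [(plugin, args)] for uncommented 'output' lines, joining backslash continuations."""
    joined = re.sub(r"\\\s*\n", " ", conf_text)
    found = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0]  # drop comments, including commented-out outputs
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1), (m.group(2) or "").strip()))
    return found

def check_syslog_args(args):
    """Classify alert_syslog keywords; return a list of problems (empty if none)."""
    tokens = [t for t in re.split(r"[\s|,]+", args) if t]
    problems = []
    if not any(t in FACILITIES for t in tokens):
        problems.append("no facility")
    if not any(t in PRIORITIES for t in tokens):
        problems.append("no priority")
    problems += [f"unknown keyword {t}" for t in tokens
                 if t not in FACILITIES | PRIORITIES | OPTIONS]
    return problems

def audit(conf_text):
    """Map each alert_syslog argument string to its problems; note if log_tcpdump is active."""
    outputs = active_outputs(conf_text)
    syslog = {args: check_syslog_args(args)
              for plugin, args in outputs if plugin == "alert_syslog"}
    return {"alert_syslog": syslog,
            "log_tcpdump": any(p == "log_tcpdump" for p, _ in outputs)}

# Constructed sample: both alert_syslog lines from the post, pcap output commented out.
SAMPLE = """\
# syslog
output alert_syslog: LOG_ERR
output alert_syslog: LOG_AUTH LOG_ERR
# pcap
# output log_tcpdump: tcpdump.log
"""
```

Calling audit() on the text of snort.conf covers only the configuration file; options the init script passes on the command line have to be checked separately.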