Snort mailing list archives

No tcpdump or alert logging


From: Christian Gebler <geblerc () googlemail com>
Date: Tue, 17 Apr 2012 10:46:03 +0200

Hello,

I am trying to set up Snort v2.9.2 on Ubuntu Server 10.04 LTS. I used the
documents from the Snort website for that, and followed them through the whole
Snort, Snort rules, DAQ and libdnet installation.
Now Snort works fine without any errors, and in verbose mode I can see that
Snort takes a look at my LAN. It also says "it's all good" if I run it with
the command-line option "-T".

But I also want to log the tcpdumps and alerts; I use syslog and pcap for
that in the snort.conf:

# syslog
output alert_syslog: LOG_AUTH LOG_INFO

# pcap
output log_tcpdump: tcpdump.log

If I start Snort with the following options:

/usr/local/snort/bin/snort -u snort -g snort -d -l /var/log/snort -c
/usr/local/snort/etc/snort.conf -i eth0

Snort creates the file "tcpdump.log.1334228358", but that's it. No logging
into this file; it is just a 0 KB file.

On my system there is an older version of Snort from the Ubuntu apt-get
package system; if I use this version, it works fine with logging and so
on... But it is the 2.8 version of Snort and I won't use it.


Here is my Snort terminal output: http://paste.kde.org/458414/



Thanks for your help!
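The symptom above (a tcpdump.log.<epoch> file that stays at 0 bytes while the sensor claims to be healthy) is a silent logging failure, which is worth catching with a check rather than by noticing it later. The script below is an added example written for this post, not code from the original message or from the Snort project. It assumes the "output <plugin>: ..." syntax shown in the posted snort.conf, the tcpdump.log.<timestamp> naming shown in the post, and a log directory passed as an argument; the sample config and files it creates in a temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added diagnostic helpers for an empty Snort tcpdump log (example code, not
# from the original post or from the Snort project).

# Print the output plugins enabled in a snort.conf, one per line.
# Commented-out "#output ..." lines are ignored, so the list reflects what
# Snort will actually load.
snort_output_plugins() {
    conf="$1"
    grep -E '^[[:space:]]*output[[:space:]]+' "$conf" \
        | sed -E 's/^[[:space:]]*output[[:space:]]+([A-Za-z_0-9]+).*/\1/'
}

# List zero-byte tcpdump.log.* files in a Snort log directory.
# Returns 1 if any such file exists (a sensor that is "running" but has not
# written a single packet), 0 otherwise.
empty_snort_logs() {
    dir="$1"
    found=0
    for f in "$dir"/tcpdump.log.*; do
        [ -e "$f" ] || continue        # glob matched nothing
        if [ ! -s "$f" ]; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# Report whether the log directory exists and is writable by the current user.
# (Run this as the same account Snort is started with, e.g. via -u snort.)
log_dir_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Demo with a constructed config and log directory (assumed layout, not a
# real sensor); it mirrors the post's config and its 0 KB log file.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/snort.conf" <<'EOF'
# syslog
output alert_syslog: LOG_AUTH LOG_INFO

# pcap
output log_tcpdump: tcpdump.log
#output unified2: filename merged.log, limit 128
EOF
    : > "$tmp/tcpdump.log.1334228358"        # constructed: empty, like the post
    printf 'pcap' > "$tmp/tcpdump.log.1334228400"   # constructed: non-empty
    echo "enabled output plugins:"
    snort_output_plugins "$tmp/snort.conf"
    echo "zero-byte tcpdump logs:"
    empty_snort_logs "$tmp" || echo "WARNING: sensor has produced empty log files"
    log_dir_writable "$tmp" && echo "log dir writable: yes"
    rm -rf "$tmp"
}

demo
```

The plugin listing confirms that log_tcpdump is actually enabled in the config that was loaded (a common surprise is a second, stale snort.conf being used), and the empty-file check is cheap enough to run from cron against /var/log/snort so that a sensor that stops writing packets is noticed the same day rather than at the next investigation.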