Re: I am a newbie

[waldo kitty <wkitty42 () windstream net>]

On 1/3/2014 11:04 AM, Fabien Delmotte wrote:
> Hello Waldo,
>
> I am updating my snort (I am under Debian and it seems that the package is old).

i can understand that... you will probably end up uninstalling the repository 
version in the building the latest from the sources... unless, of course, you 
can find a precompiled package of the latest snort version...

> > what is the problem? all you've written are statements about what you did but
> > nothing about what you expect to see or what you are seeing...
>
>
> I would like to see a log.

assuming that the default logging options are in play, then /var/log/snort/alert 
will be the textual alert log file... in that same directory, there will be 
snort.log.xxxxxxxxxxxxxx where the 'x' are digits... those are binary pcap files 
of the traffic that caused the alerts... each time snort is (re)started, it will 
create a new snort.log.xxxxxxxxxxxxxx file...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!