Snort mailing list archives
Re: A size of log file is zero although there is an attack
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 24 Sep 2014 09:42:53 -0600
On 2014-09-24 00:12, Jutichai Thongkrachai wrote:
> Any idea? I tried the solutions to similar problems but they did not work.
>
> On Sep 20, 2014 12:51 PM, "Jutichai Thongkrachai" <thsecmaniac () gmail com> wrote:
>
> > Hello,
> >
> > I set up Snort 2.9.6.2 on CentOS 7. The setup is fine; there is not any error. I configured Snort to generate a log file in unified2 type.
> >
> > I run Snort in Network Intrusion Detection System mode with this command:
> >
> > snort -dev -h -c /etc/snort/snort.conf -i enp2s0
> >
> > The console shows packets flowing through the network. I tested my Snort by running a port scan against 2 PCs in the network with Zenmap (Windows version of Nmap). When Zenmap finished, these files were in /var/log/snort:
> >
> > -rwxrwxrwx. 1 snort snort    0 Sep 16 14:04 barnyard2.waldo
> > drwxr-xr-x. 3 snort snort 4096 Sep  7 11:44 enp2s0
> > -rw-------. 1 root  root     0 Sep 20 11:30 merged.log.1411187404
> > -rw-------. 1 root  root     0 Sep 20 11:30 tcpdump.log.1411187404
> >
> > As you can see, there are 2 log files but both of them are empty (their size is zero). I don't know why they are empty. Here is the snort.conf of my Snort:
> >
> > # syslog
> > output alert_syslog: LOG_AUTH LOG_ALERT

What do your syslog entries show?

James