Snort mailing list archives

Logging


From: Subba Rao <subba9 () home com>
Date: Sat, 19 May 2001 19:15:07 +0000

I have the default configuration file from the Snort tarball and Maxvision's
rule set as well.

Before integrating Maxvision's rule set, I was running Snort in daemon mode. Now
Snort is running via daemontools. Before letting daemontools manage Snort, I
added Maxvision's rule set to my snortfull.conf:

include /etc/snort-vision.conf

The current log files created are as follows:

-rw-------   1 root     root      2618536 May 15 14:46 alert
-rw-------   1 root     root       207121 May 15 18:13 log
-rw-------   1 root     root       361571 May 15 18:13 portscan.log
-rw-------   1 root     root         1362 May 15 14:46 snort-0515\@1445.log
-rw-------   1 root     root           24 May 15 14:50 snort-0515\@1447.log
-rw-------   1 root     root           24 May 15 14:50 snort-0515\@1450.log

While before daemontools, the log files were as follows:

drwx------   2 root     root         4096 May 15 17:06 12.119.178.6/
drwx------   2 root     root         4096 May 15 17:06 130.239.40.15/
drwx------   2 root     root         4096 Apr 25 17:31 134.24.32.214/
drwx------   2 root     root         4096 May 15 17:06 192.87.5.150/
drwx------   2 root     root         4096 Apr 25 17:31 207.88.250.10/
-rw-------   1 root     root      2618536 May 15 14:46 alert
-rw-------   1 root     root       207121 May 15 18:13 log
-rw-------   1 root     root       361571 May 15 18:13 portscan.log
-rw-------   1 root     root            0 May 15 14:51 snort-0515\@1451.log
-rw-------   1 root     root           24 May 15 15:01 snort-0515\@1500.log
-rw-------   1 root     root           24 May 15 15:03 snort-0515\@1502.log

I prefer to have the previous logging technique, where alerts are put out in the
offending host's IP address directory.

How do I get that old style logging back?

TIA.
-- 

Subba Rao
subba9 () home com
http://members.home.net/subba9/

GPG public key ID 27FC9217
