Snort mailing list archives
Help with logging structure
From: "Gerardo Gregory" <ggregory () affinitas net>
Date: Mon, 6 Aug 2001 08:00:06 -0500
I am starting to play with snort, evaluating it to see if it can play a role in our security structure. So bear with me if this seems repetitive.

I installed the RPM package of snort. It created a directory in /etc/ called snort and dumped everything there, then in /var/log/ it also went and created a directory called snort, and finally a file called portscan.log was dumped in /. Is this normal?

Also, how do I modify which file to send logs to? I have tried using some of the plug-ins, but it seems not to work when I enter values such as /var/log/snort/portscan.log (attempting to move the portscan.log under /var/log/snort/ and away from /).

Example: running snort without any variables logs to /var/log/snort/alert. If I start snort with a variable -s (it's supposed to go to syslog) it doesn't log anything anywhere... /var/log/secure is empty, /var/log/messages only has ICMP echo / echo-reply [and I think that is the system logging, not snort].

Any pointers or help will be appreciated.

Thanks,
GG
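For readers hitting the same question, the following snort.conf fragment is an added example of how the portscan preprocessor path and syslog alert output are configured in Snort of this era; it is not part of the original post or a reply to it, and the network range, thresholds and syslog facility are assumed values, not ones from the page:

```conf
# Added example, not from the original message.
# HOME_NET is an assumed address range; adjust to your own network.
var HOME_NET 192.168.1.0/24

# Portscan preprocessor: monitored network, number of ports, detection
# window in seconds, and the log file. Giving an absolute path here keeps
# portscan.log under the snort log directory instead of the current
# working directory (which is what produces a stray /portscan.log when
# snort is started from /).
preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscan.log

# Send alerts to syslog through the output plug-in rather than relying on
# the -s switch. Facility and priority are assumed; LOG_AUTH on a typical
# Red Hat syslog.conf lands in /var/log/secure, LOG_LOCAL* can be routed
# to a dedicated file.
output alert_syslog: LOG_AUTH LOG_ALERT
```

Start snort with an explicit log directory (`snort -c /etc/snort/snort.conf -l /var/log/snort`) and check which file syslog.conf maps the chosen facility to; an empty /var/log/secure usually means the facility and the syslog.conf selector do not match rather than that snort is silent.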