Snort mailing list archives
Re: snort 8.2 with snort2html
From: "Rick Updegrove" <rickupdegrove () hotmail com>
Date: Wed, 5 Dec 2001 12:19:45 -0800
Ok, I found out that the logs are going to /var/log/authlog rather than /var/log/secure for some reason with -s so I specified it in snort.conf with:

    output alert_syslog: LOG_AUTHPRIV

and removed the -s from the startup line.

----- Original Message -----
From: "Rick Updegrove" <rickupdegrove () hotmail com>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, December 05, 2001 10:29 AM
Subject: [Snort-users] snort 8.2 with snort2html
Hello,

I have been successfully using snort 1.7 for a while with snort2html 1.6. I do not have access to my previous configurations at this time but to the best of my recollection, I am doing what I normally do.

My main problem that I can see is that snort is not logging to "/var/log/secure" like it needs to do in order to use snort2html. According to man snort the -s option should do this. So I use the following to start snort:

    /usr/local/bin/snort -s -Afull -c /usr/local/share/examples/snort/snort.conf

Yet nothing gets logged to "/var/log/secure", thus snort2html doesn't create anything other than an "empty" page. I do see the alerts on the screen however, for example:

    Dec 5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
    Dec 5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
    Dec 5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10
    Dec 5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11
    Dec 5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11
    Dec 5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11

etc. What am I overlooking?

Thanks,
Rick Up

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
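An added example, not part of the original post and not snort2html's code: a Python check that parses syslog-format Snort alerts like the ones quoted above and reports which log file actually contains them, which is the question the thread turns on. The pattern is derived from the quoted sample lines; the function names, the sshd line and the assignment of lines to files are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout of the syslog alert lines quoted in the post:
# <date> <host> snort[<pid>]: [gid:sid:rev] <msg> [Classification: ..] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+snort\[\d+\]:\s+"
    r"\[(?P<rule>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]:?\s+)?"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    if alert["priority"] is not None:
        alert["priority"] = int(alert["priority"])
    return alert

def alerts_per_log(logs):
    """Map each log name to the number of Snort alert lines found in its text."""
    return {name: sum(parse_alert(l) is not None for l in text.splitlines())
            for name, text in logs.items()}

def summarize(text):
    """Count alerts per (rule id, message, source, destination)."""
    alerts = filter(None, map(parse_alert, text.splitlines()))
    return Counter((a["rule"], a["msg"], a["src"], a["dst"]) for a in alerts)

# Sample input: the two alert lines are copied from the post; the sshd line and
# the assignment of lines to files are constructed for illustration.
PING = ("Dec 5 10:23:47 cerberus snort[15378]: [1:382:4] ICMP PING Windows "
        "[Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.11 -> 64.166.46.10")
REPLY = ("Dec 5 10:23:47 cerberus snort[15378]: [1:408:4] ICMP Echo Reply "
         "[Classification: Misc activity] [Priority: 3]: {ICMP} 64.166.46.10 -> 64.166.46.11")
SAMPLE_LOGS = {
    "/var/log/authlog": "\n".join([PING, PING, PING, REPLY, REPLY, REPLY]),
    "/var/log/secure": "Dec 5 10:20:01 cerberus sshd[411]: Accepted password for user1 from 64.166.46.11 port 1022",
}

if __name__ == "__main__":
    print(alerts_per_log(SAMPLE_LOGS))
    for key, n in summarize(SAMPLE_LOGS["/var/log/authlog"]).items():
        print(n, *key)
```

To run it against real logs, pass the contents of each candidate file into `alerts_per_log`; a count of zero for the file a report tool reads means the syslog facility or syslog routing needs to change.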
Current thread:
- snort 8.2 with snort2html Rick Updegrove (Dec 05)
- Re: snort 8.2 with snort2html Rick Updegrove (Dec 05)