Snort mailing list archives
snort logging
From: Philip Edwards <phil.e () clara net>
Date: Wed, 17 Oct 2012 15:28:56 +0100
xubuntu 11.10
snort v2.9.2 Build 78

Hi,

I have a question. I had snort up and running fine a while ago; it didn't start on boot, but I was going to fix that later. The next time I turned the machine on, I noticed that it wasn't logging anymore. It is supposed to log via the mysql database the old-fashioned way, without unified and barnyard.

On further investigation I noticed that nothing was appearing in /var/log/messages either. I've turned the messages back on by uncommenting the relevant section in /etc/rsyslog.d/50-default.conf

However, snort is still not outputting anything to tcpdump or the database. It creates a file called tcpdump.log.number but doesn't write anything to it.

I'm getting a message in the syslog about imuxsock dropping messages due to rate limiting. Is this relevant, and how do I turn the rate limiting off?

Thanks
Phil