[Snort-users] Can't get alerts to log or to work..
dkhoury at ...58...
Tue Aug 22 01:19:59 EDT 2000
I'm running Debian 2.2 stable, but have installed snort_1.6.3-2.deb from
the unstable branch (actually, there's a snort_1.6.3-4.deb now ... I'll
probably download it after this e-mail :).
The alert logs are placed in the /var/log/auth.log file. Check out your
/etc/syslog.conf file for the reason why it doesn't appear in the
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Snort Mail
> Sent: Tuesday, 22 August 2000 5:22 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Can't get alerts to log or to work..
> I'm using Debian 2.2.17 - my Snort command line "snort -d -b -s
> -c /snort.cfg"
> Snort.cfg is the "ping" rules created from snort.org's rules database.
> I verified that the "preprocessor portscan: 172.16/16 3 5
> /var/log/snort_portscan.log" is correct.
> I verified that the "var HOME_NET 172.16.1.30/32" is correct.
> I'm just trying to test out Snort's alerts feature. When I ping
> 172.16.1.30, I get a file called:
> /var/log/snort/snort-0821 at ...361... (which I assume is the
> tcpdump raw file)
> However, I don't get any alerts in my /var/log/messages. Nor any
> place else that I can see.
> What might I be doing wrong? What is the difference between the
> "alert" and the "log" header function when creating a rule?
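The reply's point, that /etc/syslog.conf decides which file a `snort -s` alert lands in, worked through as an added example (not part of the original thread): a small matcher for sysklogd-style selectors run over a constructed Debian-style configuration. It assumes the alerts arrive with facility auth or authpriv at priority alert; the function names and the sample file are made up here.

```python
import re

# Severity order, least to most severe; warn/error/panic are sysklogd aliases.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
# Constructed sample in the style of a Debian /etc/syslog.conf (not from the thread).
SAMPLE_CONF = """\
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
*.=info;*.=notice;*.=warn;\\
        auth,authpriv.none;\\
        cron,daemon.none        -/var/log/messages
*.emerg                         *
"""

def selector_verdict(selector, facility, level):
    """True = selects the message, False = excludes it, None = no effect."""
    facs, _, prio = selector.rpartition(".")
    if not {"*", facility} & set(facs.split(",")):
        return None                      # selector is about other facilities
    if prio == "none":
        return False                     # facility.none removes the facility
    negate, exact = prio.startswith("!"), "=" in prio[:2]
    prio = prio.lstrip("!=")
    prio = ALIASES.get(prio, prio)
    if prio == "*":
        hit = True
    else:
        want, got = LEVELS.index(prio), LEVELS.index(level)
        hit = got == want if exact else got >= want   # default: this level and above
    return (not negate) if hit else None

def destinations(conf_text, facility, level):
    """Return the actions in conf_text that receive a facility.level message."""
    out = []
    text = re.sub(r"\\\n\s*", "", conf_text)   # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.rsplit(None, 1)
        selected = False
        for sel in selectors.split(";"):       # later selectors override earlier ones
            verdict = selector_verdict(sel.strip(), facility, level)
            if verdict is not None:
                selected = verdict
        if selected:
            out.append(action.lstrip("-"))     # a leading "-" only disables sync
    return out
# Assumption: snort -s alerts are logged as auth.alert or authpriv.alert.
```

Calling `destinations(open("/etc/syslog.conf").read(), "authpriv", "alert")` on the sensor itself lists the files to check for alerts.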