[Snort-users] Can't get alerts to log or to work..

David Khoury dkhoury at ...58...
Tue Aug 22 01:19:59 EDT 2000


 I'm running Debian 2.2 stable, but have installed snort_1.6.3-2.deb from
the unstable branch (actually, there's a snort_1.6.3-4.deb now ... I'll
probably download it after this e-mail :).

 The alert logs are placed in the /var/log/auth.log file.  Check out your
/etc/syslog.conf file for the reason why it doesn't appear in
/var/log/messages.

 dave

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Snort Mail
> List
> Sent: Tuesday, 22 August 2000 5:22 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Can't get alerts to log or to work..
>
>
> I'm using Debian 2.2.17 - my Snort command line "snort -d -b -s
> -c /snort.cfg"
>
> Snort.cfg is the "ping" rules created from snort.org's rules database.
>
> I verified that the "preprocessor portscan: 172.16/16 3 5
> /var/log/snort_portscan.log" is correct.
>
> I verified that the "var HOME_NET 172.16.1.30/32" is correct
>
> I'm just trying to test out Snort's alerts feature.  When I ping
> 172.16.1.30, I get a file called:
> /var/log/snort/snort-0821 at ...361...  (which I assume is the
> tcpdump raw file)
>
> However, I don't get any alerts in my /var/log/messages.  Nor any
> place else that I can see.
>
> What might I be doing wrong?  What is the difference between the
> "alert" and the "log" header function when creating a rule?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
>