[Snort-users] snort not logging detail expected

Mike_Cudmore at ...755...
Mon Nov 6 13:12:10 EST 2000


Hi,

I have a new installation of snort (1.6.3 patch 2) running on Debian Linux
with the rules file 10102k.rules from snort.org.

/usr/sbin/snort -D -S HOME_NET=43.194.201.0/24 -h 43.194.201.0/24 -c /etc/snort/snort-lib -A full -t /var/log/snort -u snort -g snort -s -i eth0

I have trouble getting the hierarchical listing as described on the
linuxsecurity site

e.g.

#    The /var/log/snort directory contains a hierarchical listing with each
#    host having its own directory, beneath which is a file detailing the
#    information that makes up the intrusion attempt. For example:

#    [root at ...756... ~]# cd /var/log/snort
#    [root at ...756... snort]# find 192.168.200.189
#    192.168.100.189
#    192.168.100.189/ICMP_ECHO
#    192.168.100.189/ICMP_PORT_UNRCH
#    192.168.100.189/TCP:57554-32771
#    192.168.100.189/TCP:57555-32771
#    [root at ...756... ~]#


but I do get log messages in e.g. /var/log/auth.log

drwxr-xr-x    4 root     root         4096 Nov  6 17:20 ./
drwxr-xr-x   14 root     root         4096 Oct 23 12:09 ../
-rw-r-----    1 root     adm        109121 Nov  6 17:29 auth.log
-rw-rw----    1 root     utmp          384 Nov  2 12:42 btmp
-rw-rw----    1 root     utmp         3840 Oct 31 16:31 btmp.1
-rw-r--r--    1 root     root        16943 Nov  6 17:25 cron.log
-rw-r--r--    1 root     root         4097 Nov  6 17:29 daemon.log
-rw-r--r--    1 root     root        67533 Nov  6 17:29 err.log
-rw-r--r--    1 root     root        24024 Nov  2 13:29 faillog
-rw-r--r--    1 root     root        62499 Nov  6 17:29 info.log
-rw-r--r--    1 root     root        91772 Nov  6 17:59 kern.log
drwxr-xr-x    2 root     root         4096 Nov  6 17:25 ksymoops/
-rw-rw-r--    1 root     utmp       292292 Nov  6 17:27 lastlog
-rw-r--r--    1 root     root        13253 Nov  6 17:25 mail.log
-rw-r--r--    1 root     root        93251 Nov  6 17:59 messages.log
-rw-------    1 root     root            0 Oct 31 18:41 portscan.log
drwxr-sr--    2 snort    snort        4096 Nov  6 17:58 snort/
-rw-------    1 root     root      2029522 Nov  6 17:20 snort_portscan.log
-rw-r--r--    1 root     root            0 Oct 23 11:32 ssh.log
-rw-r--r--    1 root     root         1499 Nov  6 17:25 syslog.log
-rw-r--r--    1 root     root          131 Oct 25 18:17 user.log
-rw-r--r--    1 root     root        43476 Nov  6 17:25 warning.log
-rw-rw----    1 root     utmp        98304 Nov  6 17:27 wtmp
-rw-rw-r--    1 root     utmp       124800 Nov  1 20:46 wtmp.1

Any thoughts on how to get the detailed logging?

Thanks


Mike Cudmore
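The per-host tree quoted from the linuxsecurity write-up is the layout Snort writes beneath the directory given with -l (-t sets a chroot directory instead). As an added example, not code from the post, the following Python script parses the output of `find` run over such a tree, using constructed sample lines modelled on the quoted listing, into a per-host summary of ICMP types seen and TCP/UDP destination ports touched.

```python
import re
from collections import defaultdict

# Constructed sample of "find <host>" output in Snort's per-host log layout,
# modelled on the listing quoted in the post rather than a real capture.
SAMPLE_FIND_OUTPUT = """\
192.168.100.189
192.168.100.189/ICMP_ECHO
192.168.100.189/ICMP_PORT_UNRCH
192.168.100.189/TCP:57554-32771
192.168.100.189/TCP:57555-32771
10.0.0.7
10.0.0.7/UDP:1030-53
10.0.0.7/TCP:2201-23
"""

PORT_ENTRY = re.compile(r"^(TCP|UDP):(\d{1,5})-(\d{1,5})$")  # PROTO:sport-dport
ICMP_ENTRY = re.compile(r"^ICMP_([A-Z_]+)$")                  # ICMP_<type name>

def parse_entry(line):
    """Split 'host/entry' into (host, proto, detail): detail is (sport, dport)
    for TCP/UDP and the type name for ICMP. Bare host lines return None."""
    host, sep, name = line.strip().partition("/")
    if not sep or not name:
        return None
    m = PORT_ENTRY.match(name)
    if m:
        return host, m.group(1), (int(m.group(2)), int(m.group(3)))
    m = ICMP_ENTRY.match(name)
    if m:
        return host, "ICMP", m.group(1)
    return None

def summarize(lines):
    """Per host: sorted ICMP type names, sorted (proto, dport) pairs, flow count."""
    acc = defaultdict(lambda: {"icmp_types": set(), "dst_ports": set(), "flows": 0})
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue  # bare host directory or a name outside the layout
        host, proto, detail = parsed
        if proto == "ICMP":
            acc[host]["icmp_types"].add(detail)
        else:
            acc[host]["dst_ports"].add((proto, detail[1]))
            acc[host]["flows"] += 1
    return {h: {"icmp_types": sorted(v["icmp_types"]),
                "dst_ports": sorted(v["dst_ports"]), "flows": v["flows"]}
            for h, v in acc.items()}
```

On a live log directory, feed summarize() the lines of `find 192.168.100.189` as in the quoted session, or `find *` to cover every host directory at once.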

