[Snort-users] Snort command syntax for logging?

Don Heffernan donheff at ...88...
Sat Nov 25 15:18:44 EST 2000


I have had Snort running on two Linux boxes for a long time.  I just
updated my ruleset and now Snort no longer writes to /var/log/secure like
it used to.  When I run it with the -v switch I can see lots of traffic
passing by so I don't think anything fundamental is wrong - I assume I
am entering something wrong in the startup command.  Does this look
right to log to /var/log/secure (where portscan.rules is the ruleset):
snort -c /usr/local/etc/portscan.rules -i eth0 -s ???

I tried my old ruleset but that didn't help.
--
Don Heffernan
heffernan.cais.net




