[Snort-users] Snort command syntax for logging?
donheff at ...88...
Sat Nov 25 15:18:44 EST 2000
I have had Snort running on two Linux boxes for a long time. I just
updated my ruleset and now Snort no longer writes to var/log/secure like
it used to. When I run it with the -v switch I can see lots of traffic
passing by so I don't think anything fundamental is wrong - I assume I
am entering something wrong in the startup command. Does this look
right to log to /var/log/secure (where portscan.rules is the ruleset):
snort -c /usr/local/etc/portscan.rules -i eth0 -s ???
I tried my old ruleset but that didn't help.
More information about the Snort-users