[Snort-users] snort on HP-UX, syslog problems

Gregor Binder gbinder at ...462...
Fri Sep 22 17:39:02 EDT 2000


Karl Lovink on Fri, Sep 22, 2000 at 12:03:13PM +0200:

Hi Karl,

> I'am trying to run snort on de HP-UX 10.20 box.
> I having problems in sending the alert to syslog.

I have snort running on one of our 712/60 HP-UX dev boxes. It is
logging its alerts to syslog-ng, which should look to snort
exactly the same way as the original HP-UX syslog (/dev/log pipe).

Even though I would not necessarily recommend the setup as being
the ideal platform for a snort (or any) sensor, as far as I can
determine this (caused some alerts, did portscans) it works well
and I definitely cannot reproduce your problems.

> The -s option doesn't work. Also nothing about 
> starting snort is sent to syslog.

Same here, startup information is not logged, on none of the
platforms I have, I would not consider this a problem. Do you see an
actual error when you try to use -s?

> The syslog daemon runs without problem. *.debug has
> been set up.

Since you seem to have issues unrelated to syslog, leave out the -D
when you start snort to see what sort of problems it tells you about.

If you are using any other additional command line switches, let me
know so I can try to reproduce here.

Exept for compiling snort and libpcap on a system with current
patches I don't remember that I had to do anything special besides
"mkdir /var/log/snort". This system was converted to a TCB, but this
should not make a difference for snort.

Regards,
  Gregor.

-- 
Gregor Binder  <gbinder at ...462...>  http://www.sysfive.com/~gbinder/
sysfive.com GmbH             UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 234 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000922/965c1a07/attachment.sig>


More information about the Snort-users mailing list