[Snort-users] doing something wrong?

Mipam mipam at ...266...
Mon Sep 25 01:55:55 EDT 2000


I am running into trouble trying to log stuff.
I always start snort this way:
snort -t /var/log/snort -c /snort/snort.conf -D -i [interface]

I tried to log entire smtp and http sessions this way:
log TCP any any <> $INTERNAL 25 (session: printable; logto: "smtp";)
log TCP any any <> $INTERNAL 80 (session: printable; logto: "http";)

I also use preprocessor http_decode: 80 443 8080 in my snort.conf.
However, I see no smtp or http file with logs of what happened, and so cannot
see what really went on.
I read that you cannot use logto when you let snort log in binary
format; that's why I skipped the -b option.
What am I doing wrong here, that the logging isn't what I want?

