[Snort-users] Logging of packets

Richard Oyh richardoyh at ...125...
Wed Sep 27 03:39:25 EDT 2000


Hi all

I understand that it is possible to log session using snort. I have tried to 
log telent session using the following line in the rules file. It works very 
well.

log tcp any any <> $IP 23 (session: printable;)

However when the following line was added to log syslog traffic, snort 
complain that it cannnot find the session file

log udp any any <> $IP 514 (session; printable;)

Is there any thing that I have missed out? If it is not possible to log this 
traffice as a session, is there a way to log the syslog packets? Thanks in 
advance.

Regards
Richard
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.




More information about the Snort-users mailing list