[Snort-users] Logging of packets

James Hoagland hoagland at ...47...
Wed Sep 27 11:47:25 EDT 2000


At 7:39 AM +0000 9/27/00, Richard Oyh wrote:
[...]
>However when the following line was added to log syslog traffic, 
>snort complains that it cannot find the session file
>
>log udp any any <> $IP 514 (session; printable;)
>
>Is there anything that I have missed out? If it is not possible to 
>log this traffic as a session, is there a way to log the syslog 
>packets? Thanks in advance.

If this is exactly the rule you have, then I think I know the 
problem.  You need to change the ";" between "session" and 
"printable" to a ":" as you have in the other rule.  Probably just a 
typo.

-- Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 445-4222  *|
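
A small checker for the mistake discussed in this thread, added here as an example and not part of the original post or of Snort itself. It models only the "session" option, with the values "printable" (from the post) and "all" as assumptions, and the function names are hypothetical.

```python
import re

# Assumption for this example: only "session" is modelled, with the
# argument values "printable" (from the post) and "all".
ARG_VALUES = {"session": {"printable", "all"}}

# header text, then the option list inside the outermost parentheses
RULE_RE = re.compile(r"^(?P<header>[^()]*)\((?P<opts>.*)\)\s*$")


def split_options(body):
    """Split an option body on ';', ignoring ';' inside double quotes."""
    opts, cur, quoted = [], [], False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o]


def lint_rule(rule):
    """Return a list of findings for one rule line (empty list = clean)."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return ["no option list in parentheses"]
    value_owner = {v: k for k, vals in ARG_VALUES.items() for v in vals}
    findings = []
    for opt in split_options(m.group("opts")):
        name, sep, arg = opt.partition(":")
        name, arg = name.strip(), arg.strip()
        if name in ARG_VALUES:
            if not sep or not arg:
                findings.append(f'"{name}" has no argument; expected "{name}: <value>;"')
            elif arg not in ARG_VALUES[name]:
                findings.append(f'"{name}" has unexpected value "{arg}"')
        elif not sep and name in value_owner:
            # A bare value where an option name belongs: ';' typed for ':'
            findings.append(f'"{name}" is a value of "{value_owner[name]}", '
                            'not an option; use ":" instead of ";"')
    return findings


if __name__ == "__main__":
    for r in ("log udp any any <> $IP 514 (session; printable;)",   # from the post
              "log udp any any <> $IP 514 (session: printable;)"):  # corrected
        print(r, "->", lint_rule(r) or "ok")
```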


