[Snort-users] Logging of packets

Richard Oyh richardoyh at ...125...
Wed Sep 27 22:54:40 EDT 2000


Thanks for both of your reply. I have checked and it is an email typo error, 
my rule files read:

log udp any any <> $IP 514 (session: printable;)

So it is not the colon problem

The error message on my console reads:

snort: [!] ERROR: Unable to open session file!

The command line that I use is

snort -b -D -i xl0 -l /var/snort -h $IP -c /usr/snort/rules

I was wondering if I have to include other commands in the rules file.


Regards
Richard

>From: Steve Halligan <agent33 at ...187...>
>To: 'Richard Oyh' <richardoyh at ...125...>, 
>snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Logging of packets
>Date: Wed, 27 Sep 2000 11:12:06 -0500
>
>Not sure if this is a typo in the message or....but
>
> >
> > log tcp any any <> $IP 23 (session: printable;)
>COLON-------------------------------^
> > However when the following line was added to log syslog
> > traffic, snort
> > complain that it cannnot find the session file
> >
> > log udp any any <> $IP 514 (session; printable;)
>SEMICOLON----------------------------^

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.




More information about the Snort-users mailing list