[Snort-users] Logging of packets

Richard Oyh richardoyh at ...125...
Thu Sep 28 02:58:02 EDT 2000

Thanks for pointing that out to me. I was able to log port 514 UDP packets 
with the following in my rules file.

log udp any any <> IP 514

It would seems that you can't log UDP with the session command for port 514. 
It is the same for the rest?

For those who have replied to my email, thank guys.


>From: Fyodor <fygrave at ...121...>
>Reply-To: fyodor at ...123...
>To: Richard Oyh <richardoyh at ...125...>, snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Logging of packets
>Date: Thu, 28 Sep 2000 12:34:38 +0700 (ICT)
>~ :
>~ :log tcp any any <> $IP 23 (session: printable;)
>~ :
>~ :However when the following line was added to log syslog traffic, snort
>~ :complain that it cannnot find the session file
>~ :
>~ :log udp any any <> $IP 514 (session; printable;)
>~ :
>but there's no such thing as session with UDP, right?

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 

More information about the Snort-users mailing list