[Snort-users] Logging of packets

George Colt colt at ...81...
Thu Sep 28 09:30:40 EDT 2000


On Wed, 27 Sep 2000, James Hoagland wrote:
> At 7:39 AM +0000 9/27/00, Richard Oyh wrote:
> [...]
> >However, when the following line was added to log syslog traffic, 
> >snort complains that it cannot find the session file
> >
> >log udp any any <> $IP 514 (session; printable;)
> >
> >Is there anything that I have missed out? If it is not possible to 
> >log this traffic as a session, is there a way to log the syslog 
> >packets? Thanks in advance.
> 
> If this is exactly the rule you have, then I think I know the 
> problem.  You need to change the ";" between "session" and 
> "printable" to a ":" as you have in the other rule.  Probably just a 
> typo.
> 

That won't work, will it? I mean, what is the definition of a UDP session
(vice TCP)? Anything to that IP:port, or anything in a certain time
period, or... what?


	-george

--
George Colt
colt at ...81...



