blake at ...319...
Mon Apr 16 11:08:08 EDT 2001
I would start by getting snort to log events to /var/log/snort/alert.
Guardian won't do anything if it doesn't see anything happening in that
(or the specified) log.

Has snort ever logged events, or is this a new occurrence with the
introduction of Guardian? Verify that the HOME_NET and EXTERNAL_NET
settings are correct in your snort config file.

Guardian log locations are specified in guardian.conf. The default
location is /var/log/guardian.log, but if guardian.conf is missing these
settings it will log to STDOUT.

ipchains will log events if you add "-l" to the chain rule.

Hope this helps.

On Mon, 16 Apr 2001, Philipp Snizek wrote:
> Dear list users
> does guardian (ipchains) log the attempts (scans, etc) of an intruder? If
> yes, in what log file?
> Afterwards I took a look into guardian.log, but there were only guardian's
> PIDs. Snort's alert log didn't tell me much more and /var/log/messages
> didn't record anything either.
> Thank you.
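
The checks suggested in the reply above, collected into one script as an added example (not part of the original thread, and not Snort's or Guardian's own code). Assumptions: guardian.conf sets its log path with a `LogFile <path>` line, the firewall rules are available as a text file of `-A ...` lines in ipchains-save style, and all sample file contents are constructed.

```shell
#!/bin/sh
# Walk the logging chain: Snort alert file -> Guardian log -> ipchains -l.

# True when the Snort alert file exists and is non-empty, i.e. Guardian
# has something to react to.
alert_has_events() { [ -s "$1" ]; }

# Print the HOME_NET / EXTERNAL_NET definitions from a Snort config for review.
snort_net_vars() {
    awk '$1 == "var" && ($2 == "HOME_NET" || $2 == "EXTERNAL_NET")' "$1"
}

# Print where Guardian will log; STDOUT when the setting is absent.
# Assumption: the setting is written as "LogFile <path>".
guardian_log_target() {
    awk '$1 == "LogFile" { t = $2 } END { print (t == "" ? "STDOUT" : t) }' "$1"
}

# Count appended rules ("-A ..." lines) that do not carry the -l flag.
rules_without_logging() {
    awk '$1 == "-A" { l = 0; for (i = 2; i <= NF; i++) if ($i == "-l") l = 1
                      if (!l) n++ }
         END { print n + 0 }' "$1"
}

# Constructed sample files so the checks run offline.
make_samples() {
    : > "$1/alert"    # empty alert file: Snort has logged nothing
    printf '%s\n' 'var HOME_NET 192.168.1.0/24' 'var EXTERNAL_NET any' \
        > "$1/snort.conf"
    printf '%s\n' '# constructed guardian.conf with no log settings' \
        > "$1/guardian.conf"
    printf '%s\n' '-A input -s 192.0.2.5/32 -j DENY' \
                  '-A input -s 192.0.2.6/32 -j DENY -l' > "$1/rules"
}

d=$(mktemp -d) && make_samples "$d"
alert_has_events "$d/alert" || echo "alert file empty or missing: fix Snort logging first"
snort_net_vars "$d/snort.conf"
echo "Guardian logs to: $(guardian_log_target "$d/guardian.conf")"
echo "rules without -l: $(rules_without_logging "$d/rules")"
rm -rf "$d"
```

Against a real system, call the functions with /var/log/snort/alert, the Snort config file, guardian.conf and a saved copy of the chain rules in place of the sample paths.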