[Snort-users] guardian

Blake Frantz blake at ...319...
Mon Apr 16 11:08:08 EDT 2001


I would start by getting snort to log events to /var/log/snort/alert.
Guardian won't do anything if it doesn't see anything happening in that
(or the specified) log.

Has snort ever logged events or is this a new occurrence with the
introduction of Guardian?  Verify that the HOME_NET and EXTERNAL_NET
settings are correct in your snort config file.

Guardian log locations are specified in guardian.conf.  The default
location is /var/log/guardian.log, but if guardian.conf is missing these
settings it will log to STDOUT.

ipchains will log events if you add "-l" to the chain rule.

Hope this helps.

Blake

================================================================= 

On Mon, 16 Apr 2001, Philipp Snizek wrote:

> Dear list users
> 
> does guardian (ipchains) log the attempts (scans, etc) of an intruder? If
> yes, in what log file?
> Afterwards I took a look into guardian.log, but there were only guardian's
> PIDs. Snort's alert log didn't tell me much more and /var/log/messages
> didn't record anything either.
> 
> Thank you.
> Philipp
> 
> 




