[Snort-users] Snort Logs (May be a stupid question)

Korhan Gurler lists at ...1198...
Thu Jan 25 05:59:39 EST 2001


I've changed it by the -l option but it didn't work. BTW accidentely i
wrote the path wrong in my mail they must be /var/log/portscan.log and
/var/log/snort/snort.alert. They seem to exist but they are zero bytes
length even if scanlogd finds the portscan snort doesn't log it. When
i use -dv switch with snort i can see the scan but still no logging :(


On Wed, 24 Jan 2001, Martin Roesch wrote:

# Snort logs to /var/log/snort by default.  You can change the output
# directory by using the -l command line switch.
#
#    -Marty
#
# Kevin.Brown at ...1022... wrote:
# >
# > I think by default snort logs to /var/log
# > You should find /var/log/snort_portscan.log and a directory called snort.
# >
# > > You can call me a newbie in this snort stuff so i apologize for the
# > > stupidness of this question ( if it is ). Here is my question,
# > > I've installed snort on my SuSE 7.0 system and it seems to work fine but
# > > when i try to portscan my host from outside my network it doesn't log
# > > the /etc/portscan.log file, and when i try to attack my box it even
# > > doesn't log it to the /etc/snort/snort.alert file. What might be the
# > > problem? Here is hpw i run snort :
# > > snort -D -i eth0 -c /etc/snort/snort-lib
# > >
# > > BTW the configuration files are the ones come default with the SuSE 7.0
# > > distribution.
# > >
# > > Thanx in advance.
# > >
# > >
# > >
# > > _______________________________________________
# > > Snort-users mailing list
# > > Snort-users at lists.sourceforge.net
# > > Go to this URL to change user options or unsubscribe:
# > > http://lists.sourceforge.net/lists/listinfo/snort-users
# > >
# >
# > _______________________________________________
# > Snort-users mailing list
# > Snort-users at lists.sourceforge.net
# > Go to this URL to change user options or unsubscribe:
# > http://lists.sourceforge.net/lists/listinfo/snort-users
#
# --
# Martin Roesch
# roesch at ...421...
# http://www.snort.org
#
# _______________________________________________
# Snort-users mailing list
# Snort-users at lists.sourceforge.net
# Go to this URL to change user options or unsubscribe:
# http://lists.sourceforge.net/lists/listinfo/snort-users
#

--
    if (argc > 1 && strcmp(argv[1], "-advice") == 0) {
        printf("Don't Panic!\n");
        exit(42);
    }
        -- Arnold Robbins in the LJ of February '95, describing RCS






More information about the Snort-users mailing list