[Snort-users] Snort Logs (May be a stupid question)

Martin Roesch roesch at ...421...
Sat Jan 27 00:39:10 EST 2001


You've got something misconfigured, it works fine on SuSE Linux.  Did
you set the HOME_NET variable in the snort-lib file?  Are you running
Snort 1.7?  If not, you should upgrade and check out the snort.conf file
(which replaces snort-lib).

   -Marty

Korhan Gurler wrote:
> 
> I've changed it by the -l option but it didn't work. BTW, I accidentally
> wrote the paths wrong in my mail; they must be /var/log/portscan.log and
> /var/log/snort/snort.alert. They seem to exist but they are zero bytes
> in length; even if scanlogd finds the portscan, snort doesn't log it. When
> I use the -dv switch with snort I can see the scan but still no logging :(
> 
> On Wed, 24 Jan 2001, Martin Roesch wrote:
> 
> # Snort logs to /var/log/snort by default.  You can change the output
> # directory by using the -l command line switch.
> #
> #    -Marty
> #
> # Kevin.Brown at ...1022... wrote:
> # >
> # > I think by default snort logs to /var/log
> # > You should find /var/log/snort_portscan.log and a directory called snort.
> # >
> # > > You can call me a newbie in this snort stuff so I apologize for the
> # > > stupidness of this question (if it is). Here is my question:
> # > > I've installed snort on my SuSE 7.0 system and it seems to work fine but
> # > > when I try to portscan my host from outside my network it doesn't log
> # > > the /etc/portscan.log file, and when I try to attack my box it doesn't
> # > > even log it to the /etc/snort/snort.alert file. What might be the
> # > > problem? Here is how I run snort:
> # > > snort -D -i eth0 -c /etc/snort/snort-lib
> # > >
> # > > BTW the configuration files are the ones that come by default with the
> # > > SuSE 7.0 distribution.
> # > >
> # > > Thanx in advance.
> # > >
> # > >
> # > >
> # > > _______________________________________________
> # > > Snort-users mailing list
> # > > Snort-users at lists.sourceforge.net
> # > > Go to this URL to change user options or unsubscribe:
> # > > http://lists.sourceforge.net/lists/listinfo/snort-users
> # > >
> # >
> #
> # --
> # Martin Roesch
> # roesch at ...421...
> # http://www.snort.org
> #
> #
> 
> --
>     if (argc > 1 && strcmp(argv[1], "-advice") == 0) {
>         printf("Don't Panic!\n");
>         exit(42);
>     }
>         -- Arnold Robbins in the LJ of February '95, describing RCS
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org



