[Snort-users] snort & logging
sol at ...2229...
Mon Jun 11 16:06:11 EDT 2001
What if I would like to redirect the output file written to the "log" file to
the "alerts" file? I cannot find a setting anywhere.
> -----Original Message-----
> From: John Sage [mailto:jsage at ...2022...]
> Sent: Monday, June 11, 2001 3:41 PM
> To: Sven Olensky
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] snort & logging
> Logging and alerts are two different animals.
> At least in a rules file (this is my tcp-local-lib..) you can do this:
> alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"TCP to 25 smtp";)
> log tcp $EXTERNAL_NET 25 -> $HOME_NET any (msg:"TCP from 25 smtp";)
> # alert to, log from
> (Actually I don't think the (msg: ... ) does anything in the
> log line...)
> So tcp coming in to *my* port 25 generates an alert, but I'm just
> logging everything that's *from* port 25
> - John
> Sven Olensky wrote:
> > I know, I know I bet a million people have encountered this before, but
> > I have to ask it, since I am just plainly clueless about how to go about
> > this:
> > how exactly do I switch snort to logging into the alerts file rather
> > than the log file.. can you guys give me the complete line I have to
> > insert into snort.conf for that, please? I can't figure it out.
> > preprocessor output..... and what then?
> > thanks!
> > please cc sol at ...2229..., since I am not a regular subscriber.
> John Sage
> FinchHaven, Vashon Island, WA, USA
> mailto:jsage at ...2022...
> "The web is so, like, five minutes ago..."
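
The alert/log distinction from the quoted reply, as an added example (not code from either poster and not Snort's own): a small header matcher that reports which outputs each of the two quoted rules writes for a given packet. The `HOME_NET` value, the sample packets, the reading of `$EXTERNAL_NET` as "everything outside `$HOME_NET`", and all function names are assumptions made for illustration; only the `alert`, `log` and `pass` actions and single-port or `any` port specs are handled.

```python
import ipaddress
import re

# Constructed sample value; in Snort these come from "var" lines in snort.conf.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

# The two rules from the message above.
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"TCP to 25 smtp";)',
    'log tcp $EXTERNAL_NET 25 -> $HOME_NET any (msg:"TCP from 25 smtp";)',
]

# What each rule action writes: "alert" raises an alert and then logs the
# packet, "log" only logs the packet, "pass" ignores the packet.
WRITES = {"alert": ["alert", "log"], "log": ["log"], "pass": []}

HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

def parse_rule(line):
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    keys = ("action", "proto", "src", "sport", "dir", "dst", "dport", "opts")
    rule = dict(zip(keys, m.groups()))
    msg = re.search(r'msg:\s*"([^"]*)"', rule["opts"])
    rule["msg"] = msg.group(1) if msg else ""
    return rule

def addr_ok(spec, ip):
    # Assumption: $EXTERNAL_NET means "everything outside $HOME_NET".
    inside = ipaddress.ip_address(ip) in HOME_NET
    return {"any": True, "$HOME_NET": inside, "$EXTERNAL_NET": not inside}[spec]

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def one_way(rule, src, sport, dst, dport):
    return (addr_ok(rule["src"], src) and port_ok(rule["sport"], sport)
            and addr_ok(rule["dst"], dst) and port_ok(rule["dport"], dport))

def writes_for(rule_line, proto, src, sport, dst, dport):
    """Return the outputs ("alert", "log") this rule writes for the packet."""
    rule = parse_rule(rule_line)
    hit = rule["proto"] == proto and (
        one_way(rule, src, sport, dst, dport)
        or (rule["dir"] == "<>" and one_way(rule, dst, dport, src, sport)))
    return WRITES[rule["action"]] if hit else []
```

Each rule is evaluated on its own here; Snort's rule ordering and first-match behaviour are not modelled.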