[Snort-users] IP Address subdirectories
plyons at ...125...
Fri Nov 30 15:10:03 EST 2001
I see no subdirectories under /var/log/snort for IP addresses.
I am familiar w/the faq 3.9:
3.9 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: Why are there no subdirectories under /var/log/snort for IP addresses?
A: It depends on how your snort configuration logs. If it logs in binary
format, you'll have to process the binary log in order to get cleartext
BUT - I am not to my knowledge logging binary - unless by using mysql to log
alerts that means binary?
OK, so I am obviously new to the snort world :-/
I do have a cleartext alert logfile in /var/log/snort.
My configuration is as follows:
My command line to start:
/usr/local/bin/snort -u root -g xxxxxxx -m 006 -de -D -i eth1 -l /var/log/snort -c /etc/snort/snort.conf
My snort.conf lines:
var HOME_NET any
output database: log, mysql, user=snort password=xxxxxxxx dbname=snort
Using Version 1.8.1-RELEASE (Build 74) on Red Hat 7.0
I have recently added switches -e and -l /var/log/snort to try to get back
my IP subdirectory logging. No luck.
What must I do to get my IP address logging facility back?
Your help is appreciated,