[Snort-users] Logging not working
ed at ...3483...
Thu Sep 20 20:21:02 EDT 2001
I just installed snort for the first time in hopes of using it as an IDS
for our small network. I am having trouble figuring out the logging and
can't find the exact answer in the archives or the docs as of yet.
Setup: Snort Version 1.8.1-RELEASE (Build 74)
I start snort with the following:
/usr/local/bin/snort -D -c /usr/local/snort/snort.conf
From the faq:
If you specified a logging directory with the -l parameter then that is
where your files are located.
If you did not specify a logging directory then Snort will log to
/var/log/snort/. In the past, running Snort in daemon mode (-D) produced
a file named "snort.alert". For consistency sake, this has been changed.
Running Snort in both standard or daemon modes (-D) will produce a file
named "alert".
However, when I start snort, the following are created depending on the
date and time of course:
0 Sep 20 20:09 0920 at ...3540...
0 Sep 20 20:09 0920 at ...3541...
...and they stay empty. There is no "alert" in /var/log/snort/
Any pointers as to where to look next are appreciated.