[Snort-users] Logging not working

Ed Kasky ed at ...3483...
Thu Sep 20 20:21:02 EDT 2001

I just installed snort for the first time in hopes of using it as an IDS 
for our small network.  I am having trouble figuring out the logging and 
can't find the exact answer in the archives or the docs as of yet.

Setup: 	Snort Version 1.8.1-RELEASE (Build 74)
		Redhat 6.1

I start snort with the following:
/usr/local/bin/snort -D  -c /usr/local/snort/snort.conf

From the FAQ:
If you specified a logging directory with the -l parameter then that is
where your files are located.
If you did not specify a logging directory then Snort will log to
/var/log/snort/. In the past, running Snort in daemon mode (-D) produced
a file named "snort.alert". For consistency sake, this has been changed.
Running Snort in both standard or daemon modes (-D) will produce a file
named "alert".

However, when I start snort, the following are created depending on the 
date and time of course:

0 Sep 20 20:09 0920 at ...3540...
0 Sep 20 20:09 0920 at ...3541...

...and they stay empty.  There is no "alert" in /var/log/snort/

Any pointers as to where to look next are appreciated.....

