[Snort-users] Logging not working

Ed Kasky ed at ...3483...
Thu Sep 20 21:53:03 EDT 2001


At 12:39 AM 9/21/2001 -0400, Gordon Ewasiuk wrote:
>On Thu, 20 Sep 2001, Ed Kasky wrote:
> > 0 Sep 20 20:09 0920 at ...3540...
> > 0 Sep 20 20:09 0920 at ...3541...
> >
> > ...and they stay empty.  There is no "alert" in /var/log/snort/
> >
> > Any pointers as to where to look next are appreciated.....
>
>Ed,
>
>The file might not have been created automagically during install.  Give
>it the ole:
>
>touch /var/log/snort/alert
>
>then restart snort.

Did just that - had no effect.  It did create another set of snort.alert 
and snort.log though - and I noticed that the older ones had something in 
them...

2096 Sep 20 21:44 0920 at ...3540...
4096 Sep 20 21:08 0920 at ...3541...

0 Sep 20 21:44 0920 at ...3543...
0 Sep 20 21:44 0920 at ...3544...

But - when I tried to view them I get the following:

"0920 at ...3540..." may be a binary file.  See it anyway?

If I answer yes, I see

<D4><C3><B2><A1>^A^@^@^^@^@^@<90><9D><FF><FF>^A^@^@^@<E9>
^D^@^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^C<B6><AA>;s<B1>
^F^@<D8><AC>K
^B

and a lot more of the same kind of characters.

Is this a database file????





