[Snort-users] Logging not working
ed at ...3483...
Fri Sep 21 23:06:01 EDT 2001
At 01:30 AM Friday, 9/21/2001, Gordon Ewasiuk wrote -=>
> > "0920 at ...3540..." may be a binary file. See it anyway?
> > Is this a database file????
>Appears so. You got a '-b' on your snort cmd line? that logs to a binary
>file. Think you gotta replay those like tcpdump. Logging to binary file
Like I posted last night, no -b on the snort cmd line but I found the
following in my snort.conf:
#The unified format is a straight binary format for logging data
# out of Snort that is designed to be fast and efficient.
output alert_unified: snort.alert
output log_unified: snort.log
I commented out the 2 lines, restarted now with the following:
/usr/local/bin/snort -u snort -D -c /usr/local/snort/snort.conf -A fast /
And I am happy to report that it is now logging to /var/log/snort/alert in
Now I just need to figure out what to do with all these "WEB-IIS CodeRed v2
root.exe access" and "WEB-IIS cmd.exe access" and "WEB-IIS multiple decode
attempt" coming in to the web server....
Thanks again for the help......
Los Angeles, CA
. . . . . . . .
A closed mind is a beautiful thing to lose.
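Once Snort is writing text alerts with "-A fast" instead of the unified binary format, the next problem the post raises is making sense of the flood of WEB-IIS alerts. The script below is an added example (not from the original message or from the Snort project): a small parser for the one-line "-A fast" alert format that tallies alerts by signature message and by source address, so a flood of CodeRed/cmd.exe hits can be reduced to "which signatures, from which hosts". The sample alert lines, their signature IDs and the IP addresses are constructed for the example; the regex treats the [Classification: ...] and [Priority: N] fields as optional so it copes with lines written with or without a classification config.

```python
import re
import sys
from collections import Counter

# One line of Snort "-A fast" output looks like:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# Classification/Priority may be absent, and ICMP lines carry no ports.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample of what /var/log/snort/alert might hold; SIDs and
# addresses are made up for the example, not real Snort rule IDs.
SAMPLE_ALERTS = """\
09/21-22:41:07.118223  [**] [1:1001:1] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3179 -> 192.0.2.10:80
09/21-22:41:09.533010  [**] [1:1002:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3181 -> 192.0.2.10:80
09/21-22:43:51.901442  [**] [1:1003:1] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:2201 -> 192.0.2.10:80
09/21-22:44:12.017700  [**] [1:1002:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:2203 -> 192.0.2.10:80
09/21-22:45:33.250981  [**] [1:1001:1] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3188 -> 192.0.2.10:80
09/21-22:47:30.004411  [**] [1:1004:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
09/21-22:48:02.220000  [**] [1:1001:1] WEB-IIS CodeRed v2 root.exe access [**] {TCP} 198.51.100.23:2208 -> 192.0.2.10:80
09/21-22:50:00.000000  [**] truncated line with no address
"""


def parse_fast_alert(line):
    """Parse one fast-format alert line into a dict, or None if it does not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "sport", "dport", "priority"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def summarize(lines):
    """Count alerts per signature message and per source IP; keep unparsable lines."""
    by_msg = Counter()
    by_src = Counter()
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fast_alert(line)
        if rec is None:
            unparsed.append(line)  # log rotation garbage, partial writes, etc.
            continue
        by_msg[rec["msg"]] += 1
        by_src[rec["src"]] += 1
    return {"by_msg": by_msg, "by_src": by_src, "unparsed": unparsed}


def report(summary, top_n=10):
    """Render the tallies as plain text (what you would eyeball or mail yourself)."""
    out = ["Alerts by signature:"]
    for msg, n in summary["by_msg"].most_common(top_n):
        out.append("  %5d  %s" % (n, msg))
    out.append("Alerts by source address:")
    for src, n in summary["by_src"].most_common(top_n):
        out.append("  %5d  %s" % (n, src))
    if summary["unparsed"]:
        out.append("Unparsed lines: %d" % len(summary["unparsed"]))
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python fast_alert_summary.py /var/log/snort/alert
    # With no argument the constructed sample above is summarized instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_ALERTS.splitlines()
    print(report(summarize(lines)))
```

Per-source counts are the more useful half for this kind of worm traffic: a handful of addresses hammering the same IIS signatures is a candidate for a border ACL, while the per-signature tally tells you whether the web server is even running IIS (if it is not, these are noise to tune down rather than incidents).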