[Snort-users] Logging not working

Ed Kasky ed at ...3483...
Fri Sep 21 23:06:01 EDT 2001


At 01:30 AM Friday, 9/21/2001, Gordon Ewasiuk wrote -=>

> > "0920 at ...3540..." may be a binary file.  See it anyway?
> > Is this a database file????
>
>Appears so.  You got a '-b' on your snort cmd line?  that logs to a binary
>file.  Think you gotta replay those like tcpdump.  Logging to binary file

Like I posted last night, no -b on the snort cmd line but I found the 
following in my snort.conf:

#The unified format is a straight binary format for logging data
# out of Snort that is designed to be fast and efficient.

output alert_unified: snort.alert
output log_unified: snort.log

I commented out the 2 lines, restarted now with the following:

/usr/local/bin/snort -u snort -D -c /usr/local/snort/snort.conf -A fast \
  -l /var/log/snort

And I am happy to report that it is now logging to /var/log/snort/alert in 
ascii.....

Now I just need to figure out what to do with all these "WEB-IIS CodeRed v2 
root.exe access" and "WEB-IIS cmd.exe access" and "WEB-IIS multiple decode 
attempt" coming in to the web server....

Thanks again for the help......

Ed
~~


Ed Kasky
Los Angeles, CA
. . . . . . . .
A closed mind is a beautiful thing to lose.
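An added example, not part of the post above: once alerts land in /var/log/snort/alert in the one-line "-A fast" layout, a small parser can tally them per signature and per source address, which is the first step toward deciding what to do with the CodeRed noise. It assumes the fast layout shown in the sample lines (timestamp, [gid:sid:rev], message, optional Classification/Priority, protocol, src -> dst); every sample line, address and SID number is constructed for this example.

```python
import re
from collections import Counter, defaultdict

# One line of Snort "-A fast" output. The [Classification: ...] [Priority: n]
# part is optional because older rule sets do not emit it.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"(?:\[Priority:\s*(?P<pri>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_alert(line):
    """Return a dict of fields for one fast-alert line, or None if it does not match."""
    m = FAST_ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count alerts per signature and per (signature, source IP); also count junk lines."""
    by_msg = Counter()
    by_msg_src = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        rec = parse_fast_alert(line)
        if rec is None:
            if line.strip():
                unparsed += 1
            continue
        by_msg[rec["msg"]] += 1
        by_msg_src[rec["msg"]][rec["src"]] += 1
    return by_msg, by_msg_src, unparsed

# Constructed sample lines in the fast-alert layout; timestamps, addresses and
# SID numbers are made up for this example, not taken from the post.
SAMPLE_ALERTS = """\
09/21-22:10:01.112233  [**] [1:1001:1] WEB-IIS CodeRed v2 root.exe access [**] {TCP} 192.0.2.10:3321 -> 198.51.100.5:80
09/21-22:10:01.554433  [**] [1:1002:1] WEB-IIS cmd.exe access [**] {TCP} 192.0.2.10:3322 -> 198.51.100.5:80
09/21-22:11:47.000001  [**] [1:1001:1] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.77:1080 -> 198.51.100.5:80
09/21-22:12:03.987654  [**] [1:1003:1] WEB-IIS multiple decode attempt [**] {TCP} 192.0.2.10:3330 -> 198.51.100.5:80
this line is not an alert
"""

if __name__ == "__main__":
    by_msg, by_msg_src, bad = summarize(SAMPLE_ALERTS.splitlines())
    for msg, n in by_msg.most_common():
        print(f"{n:5d}  {msg}  top sources: {by_msg_src[msg].most_common(3)}")
    print(f"{bad} unparsed line(s)")
```

Run it against the real alert file with `summarize(open("/var/log/snort/alert"))` to see which sources are generating the bulk of the worm scans.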