[Snort-users] snort 1.8.6 + OpenBSD 3.2-stable

Darren darren at ...7695...
Sun Dec 8 09:41:02 EST 2002


Hello snort-users,

After spending all afternoon on this, I need some tips.

I am using OpenBSD 3.2-stable and snort 1.8.6 compiles from ports.

I can't get snort to write csv output.  Is this a known issue or
am I doing something wrong?

/etc/snort.conf

output alert_syslog: LOG_AUTH LOG_ALERT
output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport

-bash-2.05b$ ls -ld /var/log/snort
drwxr-xr-x  2 snort  snort  512 Dec  8 17:31 /var/log/snort
-bash-2.05b$ ls -l /var/log/snort/snort.log
-rw-r--r--  1 snort  snort  0 Dec  8 17:31 /var/log/snort/snort.log

I have to launch snort like this so it writes into /var/log/snort/
# snort -v -u snort -g snort -l /var/log/snort -D

-bash-2.05b$ ps auxw | grep snort
snort    21995 31.8  0.0   664   644 ??  Ss     5:38PM    0:14.62 snort -v -u snort -g snort -l /var/log/snort -D

Interestingly without the -l option it won't write there, but this
is less important.

I'd like syslog and csv output.

Snort was built like this
# cd /usr/ports/net/snort
# make install

-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
#define LOG_AUTH        (4<<3)  /* security/authorization messages */
#define LOG_AUTHPRIV    (10<<3) /* security/authorization messages (private) */
        { "auth",       LOG_AUTH },
        { "authpriv",   LOG_AUTHPRIV },
        { "security",   LOG_AUTH },             /* DEPRECATED */
-bash-2.05b$ grep LOG_ALERT /usr/include/syslog.h    
#define LOG_ALERT       1       /* action must be taken immediately */
        { "alert",      LOG_ALERT },

-bash-2.05b$ snort -V

-*> Snort! <*-
Version 1.8.6 (Build 105)
By Martin Roesch (roesch at ...1935..., www.snort.org)
        
-- 
Best regards,
 Darren                          mailto:darren at ...7695...
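For anyone who does get the csv plugin writing, the file has no header: the field order is whatever the `output csv:` directive lists. The parser below is an added example, not code from the post or from the Snort project; it reads the directive out of a snort.conf fragment, then splits each alert line into a record using that field order. It assumes that `msg` is the only field that can contain a comma and that, as in Darren's config, `msg` is listed first, so the line is split from the right. The configuration text and the alert lines are constructed samples.

```python
"""Parse Snort 'output csv' alert lines using the field order from snort.conf.

Added example; the directive text and alert lines below are constructed.
"""
import re
from collections import Counter

# Constructed copy of the two output directives from the post.
SAMPLE_CONF = """
output alert_syslog: LOG_AUTH LOG_ALERT
output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
"""

# Constructed alert lines (not real snort output). The ICMP line has empty
# port fields and the third msg contains a comma, to exercise the parser.
SAMPLE_LOG = """\
ICMP PING NMAP,ICMP,12/08-17:31:05.123456,10.0.0.5,,10.0.0.1,
WEB-MISC /etc/passwd,TCP,12/08-17:31:07.654321,10.0.0.5,40123,10.0.0.1,80
SCAN nmap, XMAS,TCP,12/08-17:31:09.000001,10.0.0.5,40124,10.0.0.1,22
"""

# "output csv: <path> <comma-separated field list>"
DIRECTIVE = re.compile(r"^\s*output\s+csv:\s*(\S+)\s+(\S+)\s*$", re.M)


def csv_directive(conf_text):
    """Return (log_path, field_list) from the first 'output csv:' line."""
    m = DIRECTIVE.search(conf_text)
    if not m:
        raise ValueError("no 'output csv:' directive found")
    return m.group(1), m.group(2).split(",")


def parse_alerts(fields, log_text):
    """Turn each non-empty csv line into a dict keyed by the configured fields."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if fields and fields[0] == "msg":
            # Assumption: only msg may contain commas, and it comes first,
            # so splitting from the right len(fields)-1 times keeps it intact.
            parts = line.rsplit(",", len(fields) - 1)
        else:
            parts = line.split(",")
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
        records.append(dict(zip(fields, parts)))
    return records


def count_by_proto_and_dstport(records):
    """Quick triage view: how many alerts per (proto, dstport)."""
    return Counter((r["proto"], r["dstport"]) for r in records)


if __name__ == "__main__":
    path, fields = csv_directive(SAMPLE_CONF)
    print(f"csv log: {path}  fields: {fields}")
    recs = parse_alerts(fields, SAMPLE_LOG)
    for (proto, dport), n in sorted(count_by_proto_and_dstport(recs).items()):
        print(f"{proto:5} dstport={dport or '-':6} alerts={n}")
```

Because the field list comes from the config rather than being hard-coded, reordering the directive (say, putting `timestamp` first) only changes which split rule applies; a line with the wrong number of fields raises instead of silently shifting columns, which is the failure you would otherwise notice only when `srcport` starts holding IP addresses.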