[Snort-users] snort 1.9 + OpenBSD 3.2-stable
darren at ...7695...
Mon Dec 9 07:22:05 EST 2002
I upgraded to snort 1.9 and am still adding the following 2 lines.
I used ./configure with no options.
output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: /var/log/alert.csv default
[I have also tried with commenting out alert_syslog]
Nothing goes in any of the /var/log/* files, nor does it log to
-bash-2.05b$ ls -l /var/log/alert.csv
-rw-r--r-- 1 snort snort 0 Dec 9 15:14 /var/log/alert.csv
-bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
Initializing Output Plugins!
I don't think something is broken, but it's the way I'm using it.
Anyone got any thoughts?
Monday, December 9, 2002, 10:56:19 AM, you wrote:
l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
l> Version 1.8.6 is really old and there are no signatures for it anymore.
l> Stefan D.
l> Darren <darren at ...7695...> wrote:
l> Hello snort-users,
>>After spending all afternoon on this, I need some tips.
>>I am using OpenBSD 3.2-stable and snort 1.8.6 compiles from ports.
>>I can't get snort to write csv output. Is this a known issue or
>>am I doing something wrong?
>>output alert_syslog: LOG_AUTH LOG_ALERT
>>output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
>>-bash-2.05b$ ls -ld /var/log/snort
>>drwxr-xr-x 2 snort snort 512 Dec 8 17:31 /var/log/snort
>>-bash-2.05b$ ls -l /var/log/snort/snort.log
>>-rw-r--r-- 1 snort snort 0 Dec 8 17:31 /var/log/snort/snort.log
>>I have to launch snort like this so it writes into /var/log/snort/
>># snort -v -u snort -g snort -l /var/log/snort -D
>>-bash-2.05b$ ps auxw | grep snort
>>snort 21995 31.8 0.0 664 644 ?? Ss 5:38PM 0:14.62 snort -v -u snort -g snort -l /var/log/snort -D
>>Interestingly without the -l option it won't write there, but this
>>is less important.
>>I'd like syslog and csv output.
>>Snort was built like this
>># cd /usr/ports/net/snort
>># make install
>>-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
>>#define LOG_AUTH (4 Snort!