[Snort-users] snort 1.9 + OpenBSD 3.2-stable

Darren darren at ...7695...
Mon Dec 9 07:22:05 EST 2002

Hello larc,

I upgraded to snort 1.9 and still adding the following 2 lines.

I used ./configure with no options.


output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: /var/log/alert.csv default
[I have also tried with commenting out alert_syslog]


Nothing goes in any of the /var/log/* files, nor does it log to

-bash-2.05b$ ls -l /var/log/alert.csv
-rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv

-bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
Initializing Output Plugins!

I don't think something is broke, but it's the way i'm using it.

Anyone got any thoughts?


Monday, December 9, 2002, 10:56:19 AM, you wrote:

l> Hi,

l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
l> Version 1.8.6 is really old and there are no signatures for it anymore.

l> Stefan D.

l> ------------------------
l>  Darren <darren at ...7695...> wrote:
l> ------------------------
l> Hello snort-users,
>>After spending all afternoon on this, I need some tips.
>>I am using OpenBSD 3.2-stable and snort 1.8.6 compiles from ports.
>>I can't get snort to write csv output.  Is this a known issue or
>>am I doing something wrong?
>>output alert_syslog: LOG_AUTH LOG_ALERT
>>output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
>>-bash-2.05b$ ls -ld /var/log/snort
>>drwxr-xr-x  2 snort  snort  512 Dec  8 17:31 /var/log/snort
>>-bash-2.05b$ ls -l /var/log/snort/snort.log
>>-rw-r--r--  1 snort  snort  0 Dec  8 17:31 /var/log/snort/snort.log
>>I have to launch snort like this so it writes into /var/log/snort/
>># snort -v -u snort -g snort -l /var/log/snort -D
>>-bash-2.05b$ ps auxw | grep snort
>>snort    21995 31.8  0.0   664   644 ??  Ss     5:38PM    0:14.62 snort -v -u snort -g snort -l /var/log/snort -D
>>Interestingly without the -l option it won't write there, but this
>>is less important.
>>I'd like syslog and csv output.
>>Snort was build like this
>># cd /usr/ports/net/snort
>># make install
>>-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
>>#define LOG_AUTH        (4 Snort! 

More information about the Snort-users mailing list