[Snort-users] snort 1.9 + OpenBSD 3.2-stable

twig les twigles at ...131...
Mon Dec 9 10:08:08 EST 2002


Did you chown snort:snort /var/log/snort?


--- Darren <darren at ...7695...> wrote:
> 
> Hello larc,
> 
> I upgraded to snort 1.9 and still adding the
> following 2 lines.
> 
> I used ./configure with no options.
> 
> /etc/snort.conf
> 
> output alert_syslog: LOG_AUTH LOG_ALERT
> output CSV: /var/log/alert.csv default
> etc
> [I have also tried with commenting out alert_syslog]
> 
> /etc/snort/classification.config
> /etc/snort/*.rules
> 
> Nothing goes in any of the /var/log/* files, nor
> does it log to
> 
> -bash-2.05b$ ls -l /var/log/alert.csv
> -rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv
> 
> -bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
> Initializing Output Plugins!
> 
> I don't think something is broken, but it's the way
> I'm using it.
> 
> Anyone got any thoughts?
> 
> Darren
> 
> Monday, December 9, 2002, 10:56:19 AM, you wrote:
> 
> l> Hi,
> 
> l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
> l> Version 1.8.6 is really old and there are no signatures for it anymore.
> 
> l> Stefan D.
> 
> l> ------------------------
> l>  Darren <darren at ...7695...> wrote:
> l> ------------------------
> l> Hello snort-users,
> >>
> >>After spending all afternoon on this, I need some tips.
> >>
> >>I am using OpenBSD 3.2-stable and snort 1.8.6 compiled from ports.
> >>
> >>I can't get snort to write csv output.  Is this a known issue or
> >>am I doing something wrong?
> >>
> >>/etc/snort.conf
> >>
> >>output alert_syslog: LOG_AUTH LOG_ALERT
> >>output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
> >>
> >>-bash-2.05b$ ls -ld /var/log/snort
> >>drwxr-xr-x  2 snort  snort  512 Dec  8 17:31 /var/log/snort
> >>-bash-2.05b$ ls -l /var/log/snort/snort.log
> >>-rw-r--r--  1 snort  snort  0 Dec  8 17:31 /var/log/snort/snort.log
> >>
> >>I have to launch snort like this so it writes into /var/log/snort/
> >># snort -v -u snort -g snort -l /var/log/snort -D
> >>
> >>-bash-2.05b$ ps auxw | grep snort
> >>snort    21995 31.8  0.0   664   644 ??  Ss     5:38PM    0:14.62 snort -v -u snort -g snort -l /var/log/snort -D
> >>
> >>Interestingly without the -l option it won't write there, but this
> >>is less important.
> >>
> >>I'd like syslog and csv output.
> >>
> >>Snort was built like this
> >># cd /usr/ports/net/snort
> >># make install
> >>
> >>-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
> >>#define LOG_AUTH        (4 Snort! 


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------
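
The ownership question in the reply above, written as a check (an added example, not part of the original thread or of Snort): it pulls the absolute file paths out of `output` lines in a snort.conf and tests that each one, plus the `-l` log directory, is owned and writable by the account given to `-u`/`-g`. The function names are hypothetical, and paths containing whitespace are not handled.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from Snort).
# Typical call, using the paths and account from the thread:
#   check_snort_outputs /etc/snort.conf /var/log/snort snort snort

# owned_and_writable PATH USER GROUP
# Succeeds if PATH exists, is owned by USER:GROUP and has the owner write bit.
owned_and_writable() {
    path=$1 user=$2 group=$3
    [ -e "$path" ] || return 1
    # find prints the path only when both ownership tests match.
    [ -n "$(find "$path" -prune -user "$user" -group "$group" 2>/dev/null)" ] || return 1
    # Third character of the ls mode string is the owner write bit.
    [ "$(ls -ld "$path" | cut -c3)" = "w" ]
}

# output_paths CONF
# Prints the absolute path named in each "output <plugin>: /path ..." line.
# Lines such as "output alert_syslog: LOG_AUTH LOG_ALERT" name no file and
# are skipped, as are commented-out lines.
output_paths() {
    sed -n 's|^[[:space:]]*output[[:space:]][^:]*:[[:space:]]*\(/[^[:space:]]*\).*|\1|p' "$1"
}

# check_snort_outputs CONF LOGDIR USER GROUP
# Prints one ok/FAIL line per path; exit status is the number of failures.
check_snort_outputs() {
    conf=$1 logdir=$2 user=$3 group=$4 failures=0
    for p in "$logdir" $(output_paths "$conf"); do
        if owned_and_writable "$p" "$user" "$group"; then
            echo "ok   $p"
        else
            echo "FAIL $p (missing, or not owned/writable by $user:$group)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}
```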
