[Snort-users] Re: Some Events are not logging to the snort logs

Adam Goldstein adam.goldstein at ...4511...
Wed Jan 9 09:26:02 EST 2002


I am experiencing the same problem.  The Web-IIS ISAPI .ida attempt rule triggers alerts but does not log to the binary file.  I am also using the 1.8.3 ruleset (I had the same problem with 1.8.1) and a nearly identical command line but without the syslog.
- Adam
adam.goldstein at ...4511...


> Date: Tue, 08 Jan 2002 22:58:27 -0500
> From: Martin Roesch <roesch at ...1935...>
> To: Josh Lutz <jlutz at ...4503...>
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Some Events are not logging to the snort logs.
>
> An alert should be sent to syslog and the packet should be logged in the
> binary log file.  Is this not the case for you?
>
>      -Marty
>
> Josh Lutz wrote:
> >
> > Okay. I figured out what was going on... I was reading it that the
> > logging would take place in both the logging directory specified at the
> > command line and to the syslog (with the -s switch). Apparently this is
> > not the case.
> >
> > Well, that's good to know.
> > Josh
> >
> >
> > ---------------------------------------------
> > Joshua Lutz
> > Network Engineer, ESI Enterprises, Inc.
> > 1188 Centre Street
> > Newton Centre MA 02459
> > p. 617.527.4343 x107
> > f. 617.527.3303
> > e. jlutz at ...4501...
> Date: Tue, 8 Jan 2002 15:21:53 -0500
> From: "Josh Lutz" <jlutz at ...4503...>
> To: <snort-users at lists.sourceforge.net>
> Subject: [Snort-users] Some Events are not logging to the snort logs.
>
> I check /var/log/authlog and I see attempts by the Code Red II worm
> testing my perimeter (coming in, not going out.) However, when I look at
> the snort logs, I do not see any record of the attempt. As I understand
> it, my snort log should capture these attempts and send an alert. As a
> new user to Snort, I am uncertain at best, but to aid anyone assisting
> me, I am starting snort via the following cmd line:
> [path to snort]/snort -i xl1 -d -c [path to snort.conf] -l /home/snort/ext_log -s -b -D




