[Snort-users] log file
t_murdock at ...125...
Sun Apr 27 21:25:11 EDT 2003
Spent a lot of time but wasn't successful: Cannot find any...
Running Snort 1.2 on R/H 8.
In HTTPD dir there is LOGS directory with 6 months old file.
In SNORT dir there are:
1. ALERT dir in which data are like:
[**] [1:0:0] All packets are scanned on Tosh [**]
03/14-19;24;50.015625 12.212�����.> 66.218�����..
If on first line Tosh is TOSHIBA, this is my machine where I am running
2. SCAN.LOG is second dir where there is file like [everything is in one
03/24-11:48:42.482118 ICMP src: 216.47���� dst 216.47����.type: 8
code: 0 tgts: 6 event_id:0
I would also like to make my own file and have logged data in it. I can test
it with NMapWin from another machine, but I do not know how I can write a rule
for this particular case. For the default log file [but where is it?] the
rules should be:
Log tcp any any > 26.231����./23 21 23 (session: printable)
I also know that to log all packets in my own file the format is:
logto: "<file name>";
but where to put in above rule?
Appreciate help indeed.