[Snort-users] log file

Tom Murdock t_murdock at ...125...
Sun Apr 27 21:25:11 EDT 2003


Good evening:

Spent a lot of time but wasn�t successful: Cannot find any...
Running Snort 1.2 on R/H 8.

Too many errors encountered; the rest of the message is ignored:
In HTTPD dir there is LOGS directory with 6 months old file.
In SNORT dir there are:

1. ALERT dir in which data are like:

[**] [1:0:0] All packets are scanned on Tosh  [**]
[Priority: 0]
03/14-19;24;50.015625 12.212�����.> 66.218�����..
ICMP  TTL:64��������.

If on first line Tosh is TOSHIBA, this is my machine where I am running 
Snort.

2. SCAN.LOG is second dir where there is file like [everything is in one 
line]

03/24-11:48:42.482118 ICMP src: 216.47���� dst 216.47����.type: 8
code: 0  tgts: 6 event_id:0

I would like also to make my own file and have logged data in it. I can test 
it with NMapWin from other machine but I do not know how I can right rule 
for this particularly case. For default log file [but where is it?] the 
rules should be:

Log tcp any any  >  26.231����./23 21 23 (session: printable)

I also know that to log all packets in my own file the format is:

logto: �<file name>�;

but where to put in above rule?


Appreciate help indeed.

Thanks, Murdock










_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail





More information about the Snort-users mailing list