[Snort-users] snort and guardian

Björn Brombach b.brombach at ...9655...
Tue Aug 19 06:15:18 EDT 2003


Hi all,
I have got an urgent problem using snort and guardian.
I configured snort to write alerts to syslog (alerts are stored in
/var/log/messages) and mysql database.
I configured guardian to the /var/log directory to hopefully use the
messages file.
SuSE 8.2 is the system I have running, and snort and guardian are the newest
versions.
As guardian seems to run fine but just doesn't do anything, I changed the
guardian_block.sh to just print some text to screen and write into a file.
But even with attacks using snot there's no reaction from guardian.
I tried to use snort -A Fast and use the snort.alert file for guardian but
no reaction as well.
I checked the log files, the alerts are stored there.
I started guardian in debug mode but never got any debug information on
screen.

Do I have to configure snort in a special way to make guardian use the
alerts?

If you have guardian running please send me hints on how to get mine working
as well, or your starting command with configuration options for snort and
guardian.

Thanks for any help and reply.
-bb




