[Snort-users] snort 2.0.0 logging problem?

Erek Adams erek at ...950...
Thu Jun 19 06:27:05 EDT 2003


On Thu, 19 Jun 2003, sb ch wrote:

> When I look at my snort log file, I find that the logging does not always
> work well, as shown below.
> The same lines are logged again, like below.
> Surely some messages are logged well but some aren't.
>
> What's the problem and how can I solve this problem?
>
> [**] [1:2049:1] MS-SQL ping attempt [**]
> [Classification: Misc activity] [Priority: 3]
> [**] [1:2049:1] MS-SQL ping attempt [**]
> [Classification: Misc activity] [Priority: 3]
> 06/18-18:43:44.248450 211.xx.xx.xx:3314 -> 255.255.255.255:1434
> UDP TTL:128 TOS:0x0 ID:40608 IpLen:20 DgmLen:29
> Len: 1
> [Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]
> 06/18-18:43:44.248450 211.xx.xx.xx:3314 -> 255.255.255.255:1434
>
> UDP TTL:126 TOS:0x0 ID:40608 IpLen:20 DgmLen:29
> Len: 1
> [Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]

What info are you expecting?  That's the info from a 'full alert' file.

That's perfectly normal...  Now if you're expecting the entire packet
dump, you'll need to log to a pcap, unified, or a DB.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



