[Snort-users] Snort isn't logging to snort.log but is to snort.alert

Joel Esler jesler at ...1935...
Sun Apr 25 15:05:30 EDT 2010


You should not output from snort using the output database line. You
should output using output unified and then use barnyard to read the
unified file and output to database.

--
Joel Esler
Sent from my iPhone

On Apr 25, 2010, at 2:30 PM, ccie 6862 <ccie6862 at ...131...> wrote:

> Last night I upgraded snort from 2.8.4 to 2.8.5.3. In the process of  
> going over everything, I noticed that I had never uncommented the  
> "output database" line. I added a line to the "preprocessor  
> frag3_engine" to eliminate some noisy alerts and a couple lines to  
> threshold.conf.
>
> Up to this point, snort was logging OK. Now, snort only is logging  
> to the snort.alert.### file but not the snort.log.### file. I don't  
> see any problems in the /var/log/messages file, and I'm not really  
> sure how to figure out what's wrong.
>
> I'd be very grateful if anyone can point me in the right direction.
>
> I have another question about barnyard, which is also installed.  
> Does the "output database" have to be uncommented in the snort  
> configuration given I'm running barnyard? From reading the  
> documentation, I believe barnyard is duplicating entering the data  
> into mysql; however, I configured this based on some how-to's for  
> installing snort and barnyard.
>
> Thank you.
>

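A small check for the output layout recommended in the reply above, added here as an example and not part of the original thread. It parses the `output` directives of a snort.conf and reports whether Snort is still writing to the database directly and whether a unified file exists for barnyard to read. The function names and both sample configs are constructed for illustration; the plugin names are the ones used in Snort 2.8.x configuration files.

```python
import re

# Output plugin names as they appear in Snort 2.8.x snort.conf.
UNIFIED = {"unified", "alert_unified", "log_unified", "unified2"}
DIRECTIVE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

def active_outputs(conf_text):
    """Return [(plugin, args)] for every uncommented 'output' directive."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = DIRECTIVE.match(line)
        if m:
            found.append((m.group(1), (m.group(2) or "").strip()))
    return found

def review_outputs(conf_text):
    """Return findings measured against the unified + barnyard layout."""
    plugins = {name for name, _ in active_outputs(conf_text)}
    findings = []
    if "database" in plugins:
        findings.append("'output database' is active: Snort itself writes to the DB")
    if not plugins & UNIFIED:
        findings.append("no unified output is active: barnyard has no file to read")
    if "alert_unified" in plugins and not plugins & {"log_unified", "unified", "unified2"}:
        findings.append("alert_unified without log_unified: no unified packet log is configured")
    return findings

# Constructed sample configs (hypothetical, not taken from the thread).
BEFORE = """\
output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
output database: log, mysql, user=snort password=EXAMPLE dbname=snort host=localhost
"""
AFTER = """\
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
# output database: log, mysql, user=snort password=EXAMPLE dbname=snort host=localhost
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, review_outputs(conf) or "ok")
```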