[Snort-users] snort logging

Philip Edwards phil.e at ...15568...
Wed Oct 17 10:28:56 EDT 2012


xubuntu 11.10   
snort v2.9.2 Build 78


Hi,

I have a question.
I had snort up and running fine a while ago; it didn't start on boot, but I was going to fix that later.
The next time I turned the machine on, I noticed that it wasn't logging anymore. It is supposed to log
via the MySQL database the old-fashioned way, without unified and barnyard.

On further investigation I noticed that nothing was appearing in /var/log/messages either.

I've turned the messages back on by uncommenting the relevant section in /etc/rsyslog.d/50-default.conf.

However, snort is still not outputting anything to tcpdump or the database.
It creates a file called tcpdump.log.number but doesn't write anything to it.

I'm getting a message in the syslog about imuxsock dropping messages due to rate limiting.
Is this relevant, and how do I turn the rate limiting off?


Thanks 
Phil
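The imuxsock rate-limiting message is worth taking seriously on a sensor host: when a local process (snort logging through syslog() included) exceeds the per-process burst, rsyslog silently discards the excess, so alerts can vanish without any other error. The helpers below are an added example, not part of this thread or of the Snort project: one sums the messages rsyslog reports as lost, the other writes a drop-in that raises or disables the limit. They assume the rsyslog legacy directive syntax (`$SystemLogRateLimitInterval` / `$SystemLogRateLimitBurst`, available since rsyslog 5.7.1) and the Ubuntu layout in which /etc/rsyslog.conf loads imuxsock and then includes /etc/rsyslog.d/*.conf; the drop-in file name and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example for the imuxsock rate-limiting question; not code from the
# mailing-list thread. Assumes rsyslog >= 5.7.1 legacy directives and that
# /etc/rsyslog.d/*.conf is included after "$ModLoad imuxsock".

# Sum the messages imuxsock reports as discarded in a syslog file.
# rsyslog logs "imuxsock lost N messages from pid P due to rate-limiting".
imuxsock_lost_count() {
    awk '/imuxsock lost [0-9]+ messages from pid/ {
             for (i = 1; i <= NF; i++) if ($i == "lost") total += $(i + 1)
         }
         END { print total + 0 }' "$1"
}

# Print a drop-in fragment. Interval 0 disables rate limiting entirely;
# a non-zero interval permits "burst" messages per interval per process.
ratelimit_conf() {
    interval="${1:-0}"
    burst="${2:-200}"
    cat <<EOF
# imuxsock rate limiting for local syslog() callers (e.g. snort).
# Interval 0 = no limit; otherwise $burst messages per $interval s per pid.
\$SystemLogRateLimitInterval $interval
\$SystemLogRateLimitBurst $burst
EOF
}

# Write the fragment into a rsyslog.d directory (file name is our choice).
write_ratelimit_conf() {
    dir="${1:-/etc/rsyslog.d}"
    ratelimit_conf "${2:-0}" "${3:-200}" > "$dir/10-imuxsock-ratelimit.conf"
}

# Syntax-check the merged configuration before restarting rsyslog.
check_rsyslog_conf() {
    rsyslogd -N1
}

# Command-line use: "count /var/log/syslog" or "install [dir] [interval] [burst]".
if [ "$#" -ge 1 ]; then
    case "$1" in
        count)   imuxsock_lost_count "$2" ;;
        install) write_ratelimit_conf "${2:-/etc/rsyslog.d}" "${3:-0}" "${4:-200}" \
                 && check_rsyslog_conf ;;
    esac
fi
```

Run `sh script.sh count /var/log/syslog` first: a non-zero total confirms the rate limiter, not snort, is where the lines went. Disabling the limit is the simplest fix on a dedicated sensor; on a shared host, a raised burst with a short interval keeps a runaway process from filling the disk while still letting bursts of alerts through.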


