[Snort-users] snort logging
phil.e at ...15568...
Wed Oct 17 10:28:56 EDT 2012
snort v2.9.2 Build 78
I have a question.
I had Snort up and running fine a while ago; it didn't start on boot, but I was going to fix that later.
The next time I turned the machine on, I noticed that it wasn't logging anymore. It is supposed to log
via the MySQL database the old-fashioned way, without unified and barnyard.
On further investigation I noticed that nothing was appearing in /var/log/messages either.
I've turned the messages back on by uncommenting the relevant section in
However, Snort is still not outputting anything to tcpdump or the database.
It creates a file called tcpdump.log.number but doesn't write anything to it.
I'm getting a message in the syslog about imuxsock dropping messages due to rate limiting.
Is this relevant, and how do I turn the rate limiting off?