[Snort-users] Very Limited Logging

Brian Swan steelysama at ...11827...
Wed Sep 26 14:55:42 EDT 2012


Hi all,
   I am having a strange problem with Snort. I recently installed it along
with Barnyard2 on a CentOS 6.3 64-bit machine. They both seemingly run
fine, but it looks like Snort is not committing very much at all to the log
files. All of the log files (I am using the unified2 type) are very small,
some of them empty, and Barnyard is registering only a single signature
repeatedly and at sparse intervals:

09/26-07:34:15.475267  [**] [1:23493:1] BOTNET-CNC Trojan.ZeroAccess
outbound communication  [**] [Classification: A Network Trojan was
Detected] [Priority: 1] {UDP} 77.8.197.82:57155 -> ***edited out***

The target IP is not from my machine, it is just on the same subnet.

I have tried adjusting all kinds of settings and nothing seems to make a
difference. The logging remains extremely sparse and seems confined to only
this one signature.

Snort v. 2.9.3.1
Barnyard2 v. 2.1.9

I will post output that might help.

Thank you,
   Steely