[Snort-users] snort logging issue

J MCN nmkj05 at ...11827...
Wed Feb 13 14:04:44 EST 2013


Hey Folks - I recently fired up snort using arch armv6 and a raspberry
pi. I then used yaourt to install snort as pacman didn't seem to find
snort in the community repo like the docs said.
It works fairly well but whenever it writes to
/var/log/snort/snort.log.* the characters it uses are unreadable.
Example:

Testing with ping:

sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

02/13-13:52:45.181625  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 192.168.2.1 -> 192.168.2.3
02/13-13:52:45.181836  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 192.168.2.3 -> 192.168.2.1
02/13-13:52:46.182778  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 192.168.2.1 -> 192.168.2.3

Writing directly to the console appears all good. But the log itself
looks like this:

cat snort.log.1360777055
?ò??{??fbb?'????H?~EW@??????s>CQ?
!"#$%&'()*+,-./01234567{?rgbb??H?~]?'?ET?\@o??????s>CQ?
!"#$%&'()*+,-./01234567|??ibb?'????H?~ET8M@?????#>CQ|
!"#$%&'()*+,-./01234567|?Ojbb??H?~]?'?ET?]@o??????#>CQ|

I have tried a few different output configurations at this point. Same
state regardless of the output options it seems. Also tried to rebuild
from scratch using another raspi with the same result (I thought I
messed up my locale before compiling snort). Not quite sure what else
to try. Same results leaving the snort.conf as default as possible.
Any thoughts or comments?

Thanks

J
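
Added example (not part of the original post, and not Snort's own code): the leading characters of the `cat` output above are consistent with the libpcap magic bytes d4 c3 b2 a1 printed as UTF-8 text, so this Python code assumes the `snort.log.*` file is a binary packet capture and parses its global header and records. The names `parse_pcap` and `terminal_view` and the sample bytes are constructed for illustration.

```python
import struct

# On-disk magic bytes of the classic libpcap format -> (struct byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
}

def parse_pcap(data):
    """Return (header, records) for libpcap bytes, or None if the magic does not match."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        return None
    order, unit = PCAP_MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {"version": (major, minor), "ts_unit": unit,
              "snaplen": snaplen, "linktype": linktype}
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            break  # final record truncated, e.g. file still being written
        records.append((ts_sec, ts_frac, orig_len, data[offset:offset + incl_len]))
        offset += incl_len
    return header, records

def terminal_view(data):
    """What the first four bytes look like when printed as UTF-8 text (as `cat` would)."""
    return data[:4].decode("utf-8", errors="replace")

# Constructed sample: one little-endian capture holding a single dummy 54-byte frame
# (14 zero bytes followed by 0x10..0x37); not data from the poster's file.
FRAME = bytes(14) + bytes(range(0x10, 0x38))
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 1360777055, 181625, len(FRAME), len(FRAME))
          + FRAME)

if __name__ == "__main__":
    header, records = parse_pcap(SAMPLE)
    print(header, len(records), "record(s)")
    print(repr(terminal_view(SAMPLE)))
    print(parse_pcap(b"02/13-13:52:45.181625  [**] ICMP test"))  # text alert, not pcap
```

A capture in this format is read with a pcap-aware tool such as `tcpdump -r` or `snort -r` rather than `cat`.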



