[Snort-users] I am a newbie
wkitty42 at ...14940...
Fri Jan 3 12:54:34 EST 2014
On 1/3/2014 11:04 AM, Fabien Delmotte wrote:
> Hello Waldo,
> I am updating my snort (I am under Debian and it seems that the package is old).
i can understand that... you will probably end up uninstalling the repository
version in the building the latest from the sources... unless, of course, you
can find a precompiled package of the latest snort version...
>> what is the problem? all you've written are statements about what you did but
>> nothing about what you expect to see or what you are seeing...
> I would like to see a log.
assuming that the default logging options are in play, then /var/log/snort/alert
will be the textual alert log file... in that same directory, there will be
snort.log.xxxxxxxxxxxxxx where the 'x' are digits... those are binary pcap files
of the traffic that caused the alerts... each time snort is (re)started, it will
create a new snort.log.xxxxxxxxxxxxxx file...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users