[Snort-users] I am a newbie

[waldo kitty]

On 1/3/2014 11:04 AM, Fabien Delmotte wrote:
> Hello Waldo,
>
> I am updating my snort (I am under Debian and it seems that the package is old).

i can understand that... you will probably end up uninstalling the repository 
version in the building the latest from the sources... unless, of course, you 
can find a precompiled package of the latest snort version...

>> what is the problem? all you've written are statements about what you did but
>> nothing about what you expect to see or what you are seeing...
>
>
> I would like to see a log.

assuming that the default logging options are in play, then /var/log/snort/alert 
will be the textual alert log file... in that same directory, there will be 
snort.log.xxxxxxxxxxxxxx where the 'x' are digits... those are binary pcap files 
of the traffic that caused the alerts... each time snort is (re)started, it will 
create a new snort.log.xxxxxxxxxxxxxx file...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.