Date:      Fri, 12 Jul 2002 09:45:17 +0400
From:      dawnshade <h-k@mail.ru>
To:        freebsd-security@freebsd.org
Subject:   Re[2]: Snort problem.
Message-ID:  <29552793875.20020712094517@mail.ru>
In-Reply-To: <20020712053845.GA89208@i-sphere.com>
References:  <60550254524.20020712090257@mail.ru> <20020712053845.GA89208@i-sphere.com>

Hello faSty,

Friday, July 12, 2002, 9:38:45 AM, you wrote:

f> Did you check /var/log/messages? Because -s means it goes directly to syslogd, which
f> sends it to /var/log/messages. It depends on your syslogd.conf, unless it is the default
f> syslogd.conf; then check /var/log/messages.

f> My snort on the bridge looks like:
f> /usr/local/bin/snort -A full -D -e -d -s -i fxp1 -c /usr/local/etc/snort.conf

f> -fasty

f> On Fri, Jul 12, 2002 at 09:02:57AM +0400, dawnshade wrote:
>>  I have a little problem:
>>  I installed and configured snort (1.8.6 (Build 105)).
>>  Run: /usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -s -A full -d -D -l /usr/log/snort
>> 
>>  But snort does nothing: it does not log or alert on scans, portscans,
>>  etc....
>>  
>>  Thanks to all in advance.
>>   
>> 

In syslog.conf I added these lines:

LOG_ALERT                                     /usr/log/snort.log
LOG_AUTHPRIV                                  /usr/log/snort.log  

In messages there are only snort's starting messages:

Jul 12 09:44:01 mx /kernel: cp0: promiscuous mode enabled
Jul 12 09:44:01 mx snort: Initializing daemon mode 
Jul 12 09:44:01 mx snort: PID stat checked out ok, PID set to /var/run/ 
Jul 12 09:44:01 mx snort: Writing PID file to "/var/run/" 
Jul 12 09:44:01 mx snort: WARNING: command line overrides rules file alert plugin!
Jul 12 09:44:01 mx snort: WARNING: command line overrides rules file alert plugin! 
Jul 12 09:44:01 mx snort: limit == 128 
Jul 12 09:44:01 mx snort: UnifiedLogFilename = snort.log 
Jul 12 09:44:02 mx snort[21582]: Snort initialization completed successfully, Snort running

-- 
Best regards,
 dawnshade                            mailto:h-k@mail.ru
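
A selector check for the syslog.conf lines quoted in this message, as an added example that is not part of the original e-mail: syslog.conf rules begin with a facility.level selector, while LOG_ALERT and LOG_AUTHPRIV are syslog(3) constant names. The name tables, function names and the authpriv.alert sample rule are assumptions made for illustration.

```python
# Names accepted in "facility.level" selectors (per FreeBSD syslog.conf(5)).
FACILITIES = {"auth", "authpriv", "console", "cron", "daemon", "ftp", "kern",
              "lpr", "mail", "mark", "news", "ntp", "security", "syslog",
              "user", "uucp", "*"} | {f"local{i}" for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "none", "*"}

def check_selector(selector):
    """Return a list of problems found in one syslog.conf selector field."""
    problems = []
    for part in selector.split(";"):
        if "." not in part:
            msg = f"{part!r}: not in facility.level form"
            name = part[4:].lower() if part.startswith("LOG_") else ""
            if name in FACILITIES:
                msg += f" (syslog(3) constant {part} is the facility {name!r})"
            elif name in LEVELS:
                msg += f" (syslog(3) constant {part} is the level {name!r})"
            problems.append(msg)
            continue
        facs, level = part.rsplit(".", 1)
        level = level.lstrip("!<=>")          # FreeBSD comparison flags
        bad = [f for f in facs.split(",") if f not in FACILITIES]
        if bad:
            problems.append(f"{part!r}: unknown facility {','.join(bad)}")
        if level not in LEVELS:
            problems.append(f"{part!r}: unknown level {level!r}")
    return problems

def check_config(text):
    """Map line number -> problems for every rule line in a syslog.conf text."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#!+-":     # comment, program or host block
            continue
        found = check_selector(line.split()[0])
        if found:
            report[n] = found
    return report

# Constructed sample: the two lines from the message plus one well-formed rule.
SAMPLE = """\
LOG_ALERT                                     /usr/log/snort.log
LOG_AUTHPRIV                                  /usr/log/snort.log
authpriv.alert                                /usr/log/snort.log
"""

if __name__ == "__main__":
    for n, found in check_config(SAMPLE).items():
        print(f"line {n}: {'; '.join(found)}")
```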

