Re: Logging not working

[Ed Kasky <ed () esson net>]

At 12:39 AM 9/21/2001 -0400, Gordon Ewasiuk wrote:
> On Thu, 20 Sep 2001, Ed Kasky wrote:
> > 0 Sep 20 20:09 0920@2009-snort.alert
> > 0 Sep 20 20:09 0920 () 2009-snort log
> >
> > ...and they stay empty.  There is no "alert" in /var/log/snort/
> >
> > Any pointer as to where to look next are appreciated.....
>
> Ed,
>
> The file might not have been created automagically during install.  Give
> it the ole:
>
> touch /var/log/snort/alert
>
> then restart snort.

Did just that - had no effect.  It did create another set of snort.alert 
and snort.log though - and I noticed that the older ones had something in 
them...

2096 Sep 20 21:44 0920@2009-snort.alert
4096 Sep 20 21:08 0920 () 2009-snort log

0 Sep 20 21:44 0920@2144-snort.alert
0 Sep 20 21:44 0920 () 2144-snort log

But - when I tried to view them I get the following:

"0920@2009-snort.alert" may be a binary file.  See it anyway?

If I answer yes, I see

<D4><C3><B2><A1>^A^@^@^^@^@^@<90><9D><FF><FF>^A^@^@^@<E9>
^D^@^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^C<B6><AA>;s<B1>
^F^@<D8><AC>K
^B

and a lot more of the same kind of characters.

Is this a database file????



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users