Snort mailing list archives

IP Address subdirectories


From: "Phil Lyons" <plyons () hotmail com>
Date: Fri, 30 Nov 2001 17:09:11 -0600

Hi,

I see no subdirectories under /var/log/snort for IP addresses.

I am familiar w/the faq 3.9:

3.9 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: Why are there no subdirectories under /var/log/snort for IP addresses?

A: It depends on how your snort configuration logs. If it logs in binary
  format, you'll have to process the binary log in order to get cleartext

BUT - I am not to my knowledge logging binary - unless by using mysql to log
alerts that means binary?

OK, so I am obviously new to the snort world  :-/

I do have a cleartext alert logfile in /var/log/snort.


My configuration is as follows:


My command line to start:
/usr/local/bin/snort -u root -g xxxxxxx -m 006 -de -D -i eth1 -l /var/log/snort -c /etc/snort/snort.conf

My snort.conf lines:

---->cut

var HOME_NET any
output database: log, mysql, user=snort password=xxxxxxxx dbname=snort host=xx.x.x.x

---->cut

Using Version 1.8.1-RELEASE (Build 74) on Red Hat 7.0

I have recently added switches -e and -l /var/log/snort to try to get back my IP subdirectory logging. No luck.

What must I do to get my IP address logging facility back?

Your help is appreciated,

Phil Lyons



Phil Lyons
Voice/Fax: 630-839-6744

