Snort mailing list archives

Snort + OpenBSD3.0 "Easy" Questions


From: Ken Schweigert <ken () byte-productions com>
Date: Wed, 17 Apr 2002 12:34:51 -0400

I just launched my first snort sensor and have a few questions.  I
wanted to search the archives, but snort.org seems to be having
some problems this morning.

Background:  I've been running linux for about 3 years.  Feeling
brave, I decided to try OpenBSD-3.0 and Snort-1.8.6.  OpenBSD is
running fine, and Snort is logging alerts inside /var/log/snort.

Q1:     Although I have the -s switch specified, none of the alerts
get logged to syslog, only to /var/log/snort.  Snort was started with:
  /usr/local/bin/snort -d -s -c /etc/snort/snort.conf -A full -D 
From my snort.conf file:

bash-2.05# grep syslog snort.conf
# alert_syslog: log alerts to syslog
# Use one or more syslog facilities as arguments
output alert_syslog: LOG_AUTH LOG_ALERT
# This example will create a rule type that will log to syslog
#   output alert_syslog: LOG_AUTH LOG_ALERT


Q2:     Will 'kill -s SIGUSR1 <Snort-PID>' produce statistics on
OpenBSD?  Is this a linux-specific thing?

bash-2.05# ps ax
  PID TT   STAT      TIME COMMAND
    1 ??  Is      0:00.01 /sbin/init
28525 ??  Is      0:00.29 syslogd
29680 ??  Is      0:00.00 portmap
23386 ??  Is      0:00.00 inetd
30898 ??  Is      0:00.01 /usr/sbin/sshd
16670 ??  Ss      0:00.53 cron
10538 ??  Ss      0:45.06 /usr/local/bin/snort -d -s -c /etc/snort/snort.conf -A full -D
15207 ??  S       0:00.12 sshd: ken@ttyp0 (sshd)
10684 p0  Is      0:00.01 -bash (bash)
30697 p0  S       0:00.02 -bash (bash)
14776 p0  R+      0:00.00 ps -ax
  473 C0  Is+     0:00.00 /usr/libexec/getty Pc ttyC0
10147 C1  Is+     0:00.00 /usr/libexec/getty Pc ttyC1
 7790 C2  Is+     0:00.00 /usr/libexec/getty Pc ttyC2
14525 C3  Is+     0:00.00 /usr/libexec/getty Pc ttyC3
29643 C5  Is+     0:00.00 /usr/libexec/getty Pc ttyC5
bash-2.05# kill -s SIGUSR1 10538
bash-2.05#

If these are easy ones, then I guess this round's on me.  :)
If nothing else, at least I got to introduce myself.
-- 
-Ken Schweigert, Aspiring Network Administrator
Byte Productions, LLC
http://www.byte-productions.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
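For Q1, one thing worth verifying on the sensor side is whether the facility named on the active `output alert_syslog:` line actually has a destination in the host's syslog.conf; if syslogd has no selector covering that facility, the alerts Snort hands to syslog have nowhere to land. The script below is an added example, not code from the original post or from the Snort project: it pulls the facility out of a snort.conf fragment, translates the `LOG_*` name to the keyword syslog.conf uses, and reports whether a selector routes it. The snort.conf and syslog.conf contents are constructed samples, and the check only covers the configuration files, not the interaction between `-s`/`-A` on the command line and the output plugins in the config.

```shell
#!/bin/sh
# Added example: check that the facility used by Snort's alert_syslog output
# plugin is routed somewhere by syslogd. Sample files below are constructed.
SNORT_CONF=$(mktemp)
SYSLOG_CONF=$(mktemp)
trap 'rm -f "$SNORT_CONF" "$SYSLOG_CONF"' EXIT

cat > "$SNORT_CONF" <<'EOF'
# alert_syslog: log alerts to syslog
# Use one or more syslog facilities as arguments
output alert_syslog: LOG_AUTH LOG_ALERT
# This example will create a rule type that will log to syslog
#   output alert_syslog: LOG_AUTH LOG_ALERT
EOF

# Constructed syslog.conf: auth and daemon are routed, local7 is not.
cat > "$SYSLOG_CONF" <<'EOF'
# comment line that must be ignored
auth.info        /var/log/authlog
daemon.info      /var/log/daemon
EOF

# Print the facility argument of every active (uncommented) alert_syslog line.
# Commented copies start with "#" in field 1 and are skipped.
snort_syslog_facility() {
    awk '$1 == "output" && $2 == "alert_syslog:" { print $3 }' "$1"
}

# Translate Snort's LOG_AUTH style name to the lowercase syslog.conf keyword.
facility_keyword() {
    printf '%s\n' "$1" | sed 's/^LOG_//' | tr 'A-Z' 'a-z'
}

# Exit 0 if some selector in syslog.conf routes the facility, 1 otherwise.
# Selectors look like "fac1,fac2.level;fac3.level"; a ".none" part excludes.
facility_routed() {
    conf=$1
    fac=$2
    awk -v fac="$fac" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], parts, ".")
                if (parts[2] == "none") continue
                m = split(parts[1], facs, ",")
                for (j = 1; j <= m; j++)
                    if (facs[j] == fac || facs[j] == "*") found = 1
            }
        }
        END { exit found ? 0 : 1 }' "$conf"
}

# Run the check over the constructed files and report the result.
fac=$(snort_syslog_facility "$SNORT_CONF")
kw=$(facility_keyword "$fac")
if facility_routed "$SYSLOG_CONF" "$kw"; then
    echo "alert_syslog facility $fac ($kw) has a destination in syslog.conf"
else
    echo "alert_syslog facility $fac ($kw) is not routed anywhere in syslog.conf"
fi
```

To use it against a real sensor, point `SNORT_CONF` at /etc/snort/snort.conf and `SYSLOG_CONF` at /etc/syslog.conf instead of the constructed samples; a facility that is reported as unrouted explains empty syslog output regardless of what Snort itself is doing.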
