Snort mailing list archives
RE: snort not logging to log files..
From: Ross Tsolakidis <rtsolakidis () powerserve com au>
Date: Mon, 22 Apr 2002 09:09:23 +1000
Yes I'm on a switched network... The interface I'm on sniffs the main port of entry/exit to the network. I run IPTRAF on that interface and am 100% sure that I see all the traffic coming into the network :)

I did not edit anything and used the Debian install (apt-get install snort). When Debian installs Snort it asks a few questions.

What interface do you want to listen to? (eth0)
What address range? (blah.blah.blah.blah/blah) ;)
Do you want root to receive mail? (yes)

So Debian pretty much configures the snort.conf. Debian sets Snort to automatically run.

I've just checked it this morning and I have more blank files in /var/log/snort :) Very strange! Any ideas?

Thanks.

--
Ross.

-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: Saturday, 20 April 2002 3:52 AM
To: Ross Tsolakidis
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] snort not logging to log files..

On Fri, 19 Apr 2002, Ross Tsolakidis wrote:

[...snip...]
I've run countless scans on the network and the host machine and I get nothing in the logs.. /var/log/snort/

The strange thing about it is there are files in that dir but the size of all the files is 0, they have nothing in them, but more files keep getting added, empty ones! I've also set snort up to email me daily, and all I get are blank emails, I'm sure it's related to the blank files in /var/log/snort!

Can anyone shed any light on what's going on here...
Are you on a switched net? If so, you might not see what you expect[0].

Are you on a "dual speed hub" or "autoswitching hub"? Again, you might not see what you expect[1].

What does the command line to snort look like? IOW, what does /etc/init.d/snort start _really_ 'do'?

Did you edit and configure the snort.conf file?

What version of snort? Did you build your own or use the .deb version?

Just playing hunches/"law of averages"... :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0] http://www.snort.org/docs/faq.html#1.8
[1] http://www.snort.org/docs/faq.html#6.21
