Snort mailing list archives
Re: Snort isn't logging to snort.log but is to snort.alert
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 25 Apr 2010 15:05:30 -0400
You should not output from snort using the output database line. You should output using output unified and then use barnyard to read the unified file and output to database.

--
Joel Esler
Sent from my iPhone

On Apr 25, 2010, at 2:30 PM, ccie 6862 <ccie6862 () yahoo com> wrote:

Last night I upgraded snort from 2.8.4 to 2.8.5.3. In the process of going over everything, I noticed that I had never uncommented the "output database" line. I added a line to the "preprocessor frag3_engine" to eliminate some noisy alerts and a couple lines to threshold.conf. Up to this point, snort was logging OK. Now, snort only is logging to the snort.alert.### file but not the snort.log.### file. I don't see any problems in the /var/log/messages file, and I'm not really sure how to figure out what's wrong. I'd be very grateful if anyone can point me in the right direction.

I have another question about barnyard, which is also installed. Does the "output database" have to be uncommented in the snort configuration given I'm running barnyard? From reading the documentation, I believe barnyard is duplicating entering the data into mysql; however, I configured this based on some how-to's for installing snort and barnyard.

Thank you.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort isn't logging to snort.log but is to snort.alert ccie 6862 (Apr 25)
- Re: Snort isn't logging to snort.log but is to snort.alert Joel Esler (Apr 25)
- Re: Snort isn't logging to snort.log but is to snort.alert ccie 6862 (Apr 25)
- Re: Snort isn't logging to snort.log but is to snort.alert Joel Esler (Apr 25)
