Re: A size of log file is zero although there is an attack

[waldo kitty <wkitty42 () windstream net>]

On 10/4/2014 2:36 AM, Jutichai Thongkrachai wrote:
> To Waldo ,Shalif and Stephane,
>
>
> I found out a cause of my problem. the cause is the "$NO_PACKET_LOG" option
> (-N)  in Snort's startup script. I try to delete it, restart my Snort and then
> go to /var/log/snort where logs is in. I found out there are logs which has a
> size! :

excellent! this ensuring that the snort startup scripts are checked might be 
something that needs to be added to the FAQ... this is not the first time it has 
been run into... the really bad part is that those startup scripts for snort are 
generally named "snort" and folks don't realize that they are running a script 
instead of the binary... that mainly because folks don't specify the full path 
to what they are trying to run... but anyway, glad you figured it out :)

/me wonders why anyone would create a script that did not allow for logging like 
this...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!