
Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions



On Sun, Feb 03, 2002 at 09:04:31PM +1100, Andrew Lau wrote:

> On Sat, Feb 02, 2002 at 04:02:56PM -0500, Matt Zimmerman wrote:
> 
> > I think what you are asking is for a line like this to be added to
> > /etc/snort/snort.conf by default:
> >
> > output alert_syslog: LOG_AUTH LOG_ALERT
> >
> > By default, there don't seem to be any output plugins selected.
> > Personally, I use a line like the above.
> 
> Yes, this is what I would like to be the Debian default in snort. Does
> enabling this option actually work on your box? However, as I stated
> in my first email to debian-devel, I have tried this option already
> and so far have not seen a single snort-related incident being
> reported in auth.log despite portscanning myself several times both
> locally and remotely. So is there a bug in snort's syslog notification
> capabilities?

Yes, it works fine here.

auth.log.1.gz:Feb  3 04:18:34 mizar snort: spp_portscan: PORTSCAN DETECTED to port 6112 from 200.29.90.11 (STEALTH)

Did you restart snort after making this change?  Which syslog daemon are you
using, and have you modified the syslog configuration at all?

-- 
 - mdz
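
The two checks raised in this message (is an alert_syslog output line actually active, and where does the syslog daemon send that facility and priority), as an added example that is not part of the original message or of the snort package. It assumes sysklogd-style selectors without `!` negation; the function names and the sample configs are constructed for illustration.

```python
import re

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = {"auth", "authpriv", "daemon", "user"} | {f"local{i}" for i in range(8)}

def snort_syslog_output(snort_conf):
    """Return (facility, priority) of the active alert_syslog line, else None.

    Omitted options fall back to LOG_AUTH / LOG_ALERT (assumed Snort defaults).
    """
    for raw in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog:(.*)", raw.split("#", 1)[0])
        if m:
            opts = [o.lower().replace("log_", "", 1) for o in m.group(1).split()]
            return (next((o for o in opts if o in FACILITIES), "auth"),
                    next((o for o in opts if o in LEVELS), "alert"))
    return None

def syslog_destinations(syslog_conf, facility, priority):
    """Actions of sysklogd-style rules that accept facility.priority."""
    level, hits = LEVELS.index(priority), []
    # Join backslash-continued lines before splitting into rules.
    for raw in re.sub(r"\\\n\s*", "", syslog_conf).splitlines():
        parts = raw.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        accepted = False
        for sel in parts[0].split(";"):
            facs, _, want = sel.rpartition(".")
            if (facs != "*" and facility not in facs.split(",")) or "!" in want:
                continue  # other facility, or negation (not modelled here)
            if want in ("*", "none"):
                accepted = want == "*"      # '*' accepts all, 'none' clears
            elif want.startswith("="):      # exact priority only
                accepted |= LEVELS.index(ALIASES.get(want[1:], want[1:])) == level
            else:                           # this priority and higher
                accepted |= level >= LEVELS.index(ALIASES.get(want, want))
        if accepted:
            hits.append(parts[1].strip())
    return hits

# Constructed sample input, not taken from the thread.
SNORT_CONF = "# output alert_syslog: LOG_AUTH LOG_ALERT\n"
SNORT_CONF_ENABLED = SNORT_CONF + "output alert_syslog: LOG_AUTH LOG_ALERT\n"
SYSLOG_CONF = """\
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
*.emerg                  *
"""
```

Feed the functions the contents of /etc/snort/snort.conf and the syslog configuration; an empty destination list for the pair that snort emits means the alerts are being dropped by the syslog rules rather than by snort.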


