Re: Why no log output from snort?
On Sat, 12 Jun 2004 11:21 pm, Charles Grellois wrote:
> James Sinnamon wrote:
> > Dear Debian firewallers,
> > I am running snort:
> >
> > greenhouse:/etc/snort# ps axww | grep snort
> > 1723 ? Ss 0:01 /usr/sbin/snort -m 027 -D -c /etc/snort/snort.conf
> > -l /var/log/snort -d -u snort -g snort -O -S HOME_NET=[192.168.0.0/24] -i
> > eth0,
> >
> > .... but the log files are empty:
> >
> > greenhouse:/etc/snort# ls -l /var/log/snort/
> > total 0
> > -rw-r----- 1 snort adm 0 2004-06-12 15:50 alert
> > -rw-r----- 1 root adm 0 2004-06-12 16:53 snort.log.1087023225
> >
> > Can anyone spot the problem?
> >
> > TIA
> >
> > James Sinnamon
>
> I had the same problem because Snort didn't recognize my rules
> directory. I fixed it by using snort -C /path/to/rules & . It's working
> now.
>
> I hope it'll help you,
Firstly, thanks for your very prompt reply.

I still had problems though. This is the command I used:

/usr/sbin/snort -m 027 -D -c /etc/snort/snort.conf -l /var/log/snort -\
-C /etc/snort/rules/ -d -u snort -g snort -O -S HOME_NET=[192.168.0.0/24] \
-i eth0

... and this is the output in /var/log/daemon.log:

greenhouse:/var/log# tail -1f daemon.log
Jun 12 23:49:44 greenhouse snort: FATAL ERROR: OpenPcap() FSM compilation failed: ^Isyntax error PCAP command: /etc/snort/rules

Any ideas?

Thanks again.

regards,
James
--
James Sinnamon
jps at westnet com auStralia
ph +61 412 319669, +61 2 95692123, +61 2 95726357