Re: Snort
Hi Jan-Frederik!
On Sun, Feb 25, 2001 you wrote:
> I am running Snort 1.5.1 on my machine. Unfortunately Snort is directly logging
> port scans (nmap/ nessus) into the snort.log file in binary format. I would like
> it to log alerts as well to syslog.
> The only thing snort logs is "snort uses obsolete (PF_INET,SOCK_PACKET)" in
> /var/log/messages.
> As far as I think I have set the right parameters. The startup script looks
> like:
>
> start-stop-daemon --start --quiet --exec $DAEMON -- \
>
> I set the home network as 192.168.194.0/24. I also tried 192.168.194.190/32
> which actually is the machine where snort is installed on. The test port scan
> is coming from another machine within the same network - could that be the
> problem?
You should take in consideration that Snort is able to listen only 1 interface
(as rule external interface). Moreover, it would be good idea to check
/etc/snort/snort-lib, 'cause this file defines the logging system (tcpdump-like
logging into a file, syslog or MySQL). You can choose only one way to log (if
you don't use Snort v1.7).
Reply to:
- References:
- Snort
- From: Jan-Frederik Bruns <jfbruns@gmx.net>