[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Snort

Hi Jan-Frederik! 

   On Sun, Feb 25, 2001 you wrote:

> I am running Snort 1.5.1 on my machine. Unfortunately Snort is directly logging
> port scans (nmap/ nessus) into the snort.log file in binary format. I would like
> it to log alerts as well to syslog. 
> The only thing snort logs is "snort uses obsolete (PF_INET,SOCK_PACKET)" in 
> /var/log/messages.
>  As far as I think I have set the right parameters. The startup script looks
> like:
>  start-stop-daemon --start --quiet --exec $DAEMON -- \
> I set the home network as I also tried
> which actually  is the machine where snort is installed on. The test port scan
> is coming from another machine within the same network - could that be the
> problem?

You should take in consideration that Snort is able to listen only 1 interface
(as rule external interface). Moreover, it would be good idea to check
/etc/snort/snort-lib, 'cause this file defines the logging system (tcpdump-like
logging into a file, syslog or MySQL). You can choose only one way to log (if
you don't use Snort v1.7).

Reply to: