Re: Snort

To: Jan-Frederik Bruns <jfbruns@gmx.net>
Cc: debian-security@lists.debian.org
Subject: Re: Snort
From: Dmitry Rojkov <rojkov@piter.com>
Date: Mon, 26 Feb 2001 11:48:43 +0300
Message-id: <20010226114843.A20481@piter-press.ru>
In-reply-to: <01022521580700.01774@cruiser>; from jfbruns@gmx.net on Sun, Feb 25, 2001 at 09:30:13PM +0100
References: <01022521580700.01774@cruiser>

Hi Jan-Frederik! 

   On Sun, Feb 25, 2001 you wrote:

> I am running Snort 1.5.1 on my machine. Unfortunately Snort is directly logging
> port scans (nmap/ nessus) into the snort.log file in binary format. I would like
> it to log alerts as well to syslog. 
> The only thing snort logs is "snort uses obsolete (PF_INET,SOCK_PACKET)" in 
> /var/log/messages.
>  As far as I think I have set the right parameters. The startup script looks
> like:
> 
>  start-stop-daemon --start --quiet --exec $DAEMON -- \
> 
> I set the home network as 192.168.194.0/24. I also tried 192.168.194.190/32
> which actually  is the machine where snort is installed on. The test port scan
> is coming from another machine within the same network - could that be the
> problem?

You should take in consideration that Snort is able to listen only 1 interface
(as rule external interface). Moreover, it would be good idea to check
/etc/snort/snort-lib, 'cause this file defines the logging system (tcpdump-like
logging into a file, syslog or MySQL). You can choose only one way to log (if
you don't use Snort v1.7).

Reply to:

References:
- Snort
  - From: Jan-Frederik Bruns <jfbruns@gmx.net>

Prev by Date: Re: Dumb question
Next by Date: Re: Mac most secure servers?
Previous by thread: Snort
Next by thread: stupid ?!? question : how secure is...
Index(es):
- Date
- Thread