[wolves] Snort fun and games
Fri Aug 23 11:28:01 2002
Sorry, I only replied to Jono in this message, forgot to hit the Reply to all
button :- doh.
> t is these kind of logs that dont seem to be getting
> gneerated for me. I hav set up snort, configured it as
> I think it should be, and it just isnt generating
> logs. Is there a way to check the rule files are being
I think the only way I know my Snort is running is to run
tail -f /var/log/messages and I can clearly see the lines :-, but I bet you've
already done that.
Aug 23 11:18:21 tiger kernel: snort uses obsolete (PF_INET,SOCK_PACKET)
Aug 23 11:18:28 tiger snort: Snort initialization completed successfully,
> I am also using Acidlab to viewe the data. This is
> working but again doesnt show the alerts (alerts are
> not in either the mysql DB or in /var/log/snort).
I haven't used Acidlab so can't comment but my alerts are in /var/log/snort in
the file named 'alert'.
Of course you may not have had any alerts yet as you've only just set it up,
in that case you wont see anything at all!
If you're still unsure, maybe comp.os.linux.security newsgroup may be able to
Hope I've been of some help ;|