Re: Fw: [Snort-users] snort not reporting
(Snort forums, System Security and Security Related category)

Ben,
I tried this command:

sudo snort -bi ppp0 -c /etc/snort/snort.conf

(-b Log packets in tcpdump format)

The -A option just sets the alert mode (That's not what I want - is it?)

Using the -b option I find a file in /var/log/snort named:

-rw------- 1 root wheel 0 14 Dec 11:35 snort.log.1103020543

As you can see its size is 0. It also disappears when I quit snort.

Allan.

--- Ben van der Merwe <benm@pasco.co.za> wrote:

> Allan,
>
> I experienced the same problem when I first tried snort (with rules),
> but my project only focused on binary logging so I did not get the
> opportunity to fix it. That may be a good idea - try out the binary
> logging (I think there is a '-A' option then) and make sure that the
> traffic is logged to a binary file. You can then inspect the traffic
> with tools like 'ethereal', 'etherape' and 'tcpdump'. At least you can
> narrow down the problem area in this way.
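
One way to tell a zero-byte binary log like the snort.log.1103020543 file above apart from a tcpdump-format file that has a header but no packets, or one that really holds traffic. This is an added example, not part of the original messages; `summarize_pcap` and `build_sample` are hypothetical names, and the sample capture is constructed.

```python
import struct
import sys

# Classic pcap magic numbers (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def summarize_pcap(data: bytes) -> dict:
    """Classify a tcpdump-format capture: empty, invalid, header-only or packets."""
    if len(data) == 0:
        return {"state": "empty", "packets": 0}       # the 0-byte case in the post
    if len(data) < 24:
        return {"state": "invalid", "packets": 0}     # shorter than the global header
    for endian in ("<", ">"):                         # writer may have either byte order
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic in MAGICS:
            break
    else:
        return {"state": "invalid", "packets": 0}
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):                   # partial record header
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):        # record body cut short
            truncated = True
            break
        offset += 16 + incl_len
        packets += 1
    return {"state": "packets" if packets else "header-only", "packets": packets,
            "linktype": linktype, "snaplen": snaplen, "truncated": truncated}

def build_sample(n: int) -> bytes:
    """Constructed sample: little-endian pcap with n dummy 4-byte records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 9)  # linktype 9 = PPP
    rec = struct.pack("<IIII", 1103020543, 0, 4, 4) + b"\x00\x21\x45\x00"
    return hdr + rec * n

if __name__ == "__main__":
    if len(sys.argv) > 1:                             # e.g. a file under /var/log/snort
        with open(sys.argv[1], "rb") as fh:
            print(summarize_pcap(fh.read()))
    else:
        print(summarize_pcap(b""), summarize_pcap(build_sample(2)))
```

A result of "empty" means not even the 24-byte file header reached disk, while "header-only" means the log was opened but no packet was written to it.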