Snort Logs?

Thread: Snort Logs?

  1. #1
    Member
    Join Date
    Nov 2002
    Posts
    53

    Snort Logs?

    Running RH7.3 and got Snort up and running and I'm wondering now where am I supposed to log this info to? Or how does it happen?

    Does Snort come with some sort of default log that gets written to, or do I have to go into /etc/syslog.conf and add some sort of line so this info gets written to /var/log/snort?

    Code:
    # Path to write Snort logs to
    snort.*

    thanks

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Hmm, I know I had snort logging to a file once, I forget how I did it, maybe it was automatic.

    I think I had to make a snort directory in /var/log and then it logged to there. Alternatively, what I do now when I set it up is use MySQL. Here is a link to a great document from the snort.org site about how to set snort up with MySQL, and ACID on Redhat.

    http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    AFAIK, with the out-of-the-box configuration it writes to /var/log/snort/fast.log plus logs each packet that triggers an alert into appropriate subdirectories in /var/log/snort by IP number.

    It is configurable. You can have several logs for different types of events.

    It is also perhaps desirable to disable packet logging as it eats inodes quickly for busy networks (the network I was monitoring saw hundreds of attacks per day, using thousands of packets).
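To make the fast.log format mentioned above concrete, here is an added example (not code from the thread or from Snort itself) that parses Snort's one-line "fast" alert records and tallies them per signature and per source address, which is a practical triage view on a busy sensor once packet logging is turned off. The sample alert lines are constructed for the example, using documentation addresses and local-range SIDs.

```python
# Added example, not code from the thread: parse Snort "fast" alert lines (the
# one-line format "output alert_fast" writes to /var/log/snort/fast.log) and
# tally them per signature and per source address for quick triage.
import re
from collections import Counter

FAST_LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<class>[^\]]+)\]\s+)?"   # classification is optional
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?$"                # ports are absent for ICMP
)

# Constructed sample alerts: documentation addresses, local-range SIDs.
SAMPLE_LINES = [
    "11/26-14:03:12.123456  [**] [1:1000001:2] LOCAL SQL resolution probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {UDP} "
    "192.0.2.10:1434 -> 198.51.100.7:1434",
    "11/26-14:03:13.000417  [**] [1:1000001:2] LOCAL SQL resolution probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {UDP} "
    "192.0.2.10:1434 -> 198.51.100.8:1434",
    "11/26-14:05:40.500000  [**] [1:1000002:1] LOCAL ICMP echo sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.4 -> 198.51.100.7",
    "11/26-14:07:01.250000  [**] [1:1000003:1] LOCAL web probe [**] "
    "[Priority: 1] {TCP} 192.0.2.10:51234 -> 198.51.100.7:80",
    "Initializing Network Interface eth0",   # non-alert text: must be skipped
]

def parse_fast_line(line):
    """Return a dict of the alert's fields, or None if the line is not an alert."""
    m = FAST_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    return rec

def summarise(lines):
    """Tally alerts by (sid, msg) and by source IP; count lines that did not parse."""
    by_sig, by_src, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_fast_line(line)
        if rec is None:
            unparsed += 1
            continue
        by_sig[(rec["sid"], rec["msg"])] += 1
        by_src[rec["src"]] += 1
    return {"by_signature": by_sig, "by_source": by_src, "unparsed": unparsed}
```

Feeding `open("/var/log/snort/fast.log")` to `summarise()` gives the same counters over a real alert file; the `unparsed` count is a useful sanity check that the output plugin is actually in fast format.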

  4. #4
    Member
    Join Date
    Nov 2002
    Posts
    53
    Quote:
    Hmm, I know I had snort logging to a file once, I forget how I did it, maybe it was automatic.

    I think I had to make a snort directory in /var/log and then it logged to there. Alternatively, what I do now when I set it up is use MySQL. Here is a link to a great document from the snort.org site about how to set snort up with MySQL, and ACID on Redhat.

    http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf

    Kewl. Thanks for the URL for the pdf, I've read through it and it has a lot of the info that I am looking for.
