
Re: [Snort-users] Daily mail notification don't work anymore

Subject: Re: [Snort-users] Daily mail notification don't work anymore
Date: Tue, 28 Dec 2004 08:40:38 +0100
On Mon 27/12/2004 at 08:15, ViSolve Snort Support wrote:
Hello,
Your cronjob is (presumably) written to read alerts from /var/log/snort. 
When Snort configuration logging is enabled for "unified" log and alert,  it 
will log details and alerts to snort.alert.xxxxxxx and snort.log.xxxxxxx. 
This is the Snort unified binary format alerting and logging.  It is not 
ASCII-readable, but rather, requires tools like barnyard.

The only way for me to log in ASCII format to the /var/log/snort/alert log file
is to add the "-A full" option to snort.common.parameters, but
then IT STOPS LOGGING TO MySQL !

In order to get your cron job to work as you want, you will need to edit
the Snort configuration file, as shown, to send alerts and logs to the
/var/log/snort/alert file, so that cron will look at /var/log/snort/alert.

Yes, my Snort daily cron works now, but there are no more alerts in MySQL !!!

Comment the following two lines,

   "output alert_unified: filename snort.alert, limit 128
    output log_unified: filename snort.log, limit 128"

I did that too.

Now restart Snort.  Alerts will now get logged to the default 
/var/log/snort/alert file, and your /etc/cron.daily should work as desired.

Yes, but how do I make it log alerts to MySQL too ??

Is there a way in snort.conf to make Snort log in ASCII to /var/log/snort/alert,
so as to avoid the "-A full" on the start command line, while still letting Snort
log alerts to MySQL too ?

Sam.

----- Original Message ----- 
From: "Sam Przyswa" <samp@arial-concept.com>
To: <snort-users@lists.sourceforge.net>
Sent: Friday, December 24, 2004 6:20 AM
Subject: [Snort-users] Daily mail notification don't work anymore


Hi,

Since my last Snort upgrade to v2.2.0, the script 5snort in
/etc/cron.daily doesn't work anymore: the logfile /var/log/snort/alert
stays empty, but I get files snort.alert.xxxxxxxxxxx and
snort.log.xxxxxxxx

How do I make it work as before ?

Thanks in advance.

Sam.

-- 

Sam Przyswa - Project manager
Arial Concept - Internet integrator
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Web: http://www.arial-concept.com - Email: Info@arial-concept.com
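The question in the thread is whether ASCII alerts and MySQL alerts can be produced at the same time from snort.conf alone. Below is an added example output section for Snort 2.x, not taken from the thread or from ViSolve; it assumes a MySQL database named "snort" on localhost and uses a placeholder password.

```conf
# Added example snort.conf output section (not from the thread). Assumes
# Snort 2.x, a MySQL database "snort" on localhost, placeholder credentials.
# Snort activates every "output" line it finds, so several output plugins
# of the same type (alert, log) run in sequence when an event fires.

# Leave the unified plugins commented out unless barnyard is consuming them:
# unified files are binary, so the /etc/cron.daily script cannot parse them.
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128

# ASCII alerts into <logdir>/alert (the file the daily cron job reads).
# This is the same plugin that "-A full" selects on the command line, but a
# command-line -A replaces the alert plugins configured here, which is why
# adding "-A full" to snort.common.parameters silenced the MySQL output.
# Drop -A from the start command line and keep the plugin in snort.conf.
output alert_full: alert

# Alerts into MySQL as well, for ACID/BASE or other SQL-based reporting.
# Replace CHANGE_ME and keep snort.conf readable only by root, since the
# database password is stored in clear text.
output database: alert, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost
```

Restart Snort after editing, then check that /var/log/snort/alert grows and that the database's event table receives new rows for the same alerts.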


