Snort Forums Archive
snortsam and snort not logging issue
Posted by skrishnaswamy on March 08, 2005 13:52:57
Folks,
I was just trying out snortsam in my small lab and I ran into an issue. I would like to know if anyone knows how to fix this.
- I have snort and snortsam running on the same box (Linux ES WS).
- I started up snortsam and then started up snort.
- snort runs as user snort.
- snortsam runs as root.
- I have configured snortsam to log in to a PIX in my network.
- snort is logging at /var/log/snort/alert
- snortsam is logging at /var/log/snortsam/eventlog
- As soon as I start snort with the line "output alert_fwsam: "
- snort stops logging into /var/log/snort/alert
- snortsam does its work though (shunning).
- If I comment out "output alert_fwsam:" and restart snort, I do not see this issue.
Any help would be appreciated.
Let me know if you need more info.
Srikanth
Posted by xavierc on May 03, 2005 06:46:46
Maybe you can try with Barnyard and use in your..
-----!------------
snort.conf
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
-----!------------
and barnyard.conf
output log_dump
if you are not using any type of database.
for database y use:
output alert_acid_db: mysql, sensor_id snort2.mycompany.net, database snort, server ids, user snort, password mypassword
output log_acid_db: mysql, database snort, server ids, user snort, password mypassword, detail full
For Snort start script, quit the '-A' option
Regards.