Hi all,
I am running Snort 1.5.1 on my machine. Unfortunately Snort is directly logging
port scans (nmap/ nessus) into the snort.log file in binary format. I would like
it to log alerts as well to syslog.
The only thing snort logs is "snort uses obsolete (PF_INET,SOCK_PACKET)" in
/var/log/messages.
As far as I think I have set the right parameters. The startup script looks
like:
start-stop-daemon --start --quiet --exec $DAEMON -- \
-D \
-S "HOME_NET=$DEBIAN_SNORT_HOME_NET" \
-h "$DEBIAN_SNORT_HOME_NET" \
-c /etc/snort/snort-lib \
-l /var/log/snort/ \
-s \
-b \
$DEBIAN_SNORT_OPTIONS \
I set the home network as 192.168.194.0/24. I also tried 192.168.194.190/32
which actually is the machine where snort is installed on. The test port scan
is coming from another machine within the same network - could that be the
problem?
Jan
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
