Did you restart ossec after adding the log entry for snort? Can you show us the output of:
cat /var/ossec/etc/ossec.conf cat /var/ossec/logs/ossec.log In addition to that, do you see the alerts showing up on the /var/ossec/logs/alerts directory or they do not show up only in the e-mail alerts? Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 7/6/06, Bubbacheese <[EMAIL PROTECTED]> wrote: > > I've just downloaded and played around with OSSEC (Which is Great) and > I'm trying to get my snort alerts sent to me via email. But it doesn't > seem to be working. This is what I've added to the ossec.conf file. > > <localfile> > <log_format>snort-full</log_format> > <location>/var/log/snort/alert</location> > </localfile> > > and this is the snort command line I use. > > snort -c /etc/snort/snort.conf -A full -D > > Snort is generating alerts, but I'm just not getting OSSEC to send this > to me. Thanks for the help. Oh yea ver is the lastest from yesterday. > > > > > --~--~---------~--~----~------------~-------~--~----~ -~----------~----~----~----~------~----~------~--~---
