Snort: not logging anything
Posted by ethrbunny on Server Fault
Published on 2012-06-05T16:31:40Z
My site seems to be the target of quite a bit of probing over the last few months. In an attempt to get a better handle on this I installed SNORT on one of the machines that has external exposure. Something must not be installed correctly as I see lots of probing in /var/log/messages but snort isn't logging anything.
System: CentOS 6.2 (32 bit)
Snort: (latest build and rules)
Snort configured from this very excellent site: http://nachum234.no-ip.org/security/snort/001-snort-installation-on-centos-6-2/
snort running as daemon: /usr/local/bin/snort -d -D -i bond0 -u snort -g snort -c /etc/snort.d/snort.conf -l /var/log/snort
The snort.log file is empty despite hundreds (or more) failed login attempts from individual IP addresses. Maybe I'm missing the purpose of SNORT? I was hoping it would log this sort of info.