Snort: not logging anything

Posted by ethrbunny on Server Fault
Published on 2012-06-05T16:31:40Z Indexed on 2012/06/05 16:41 UTC

My site seems to be the target of quite a bit of probing over the last few months. In an attempt to get a better handle on this I installed SNORT on one of the machines that has external exposure. Something must not be installed correctly as I see lots of probing in /var/log/messages but snort isn't logging anything.

System: CentOS 6.2 (32 bit)
Snort: (latest build and rules)

Snort configured from this very excellent site: http://nachum234.no-ip.org/security/snort/001-snort-installation-on-centos-6-2/

snort running as daemon: /usr/local/bin/snort -d -D -i bond0 -u snort -g snort -c /etc/snort.d/snort.conf -l /var/log/snort

The snort.log file is empty despite hundreds (or more) failed login attempts from individual IP addresses. Maybe I'm missing the purpose of SNORT? I was hoping it would log this sort of info.
