Snort Logs


Frank_Rizzo

12:36 pm on Dec 14, 2004 (gmt 0)

Installed Snort via YaST on SuSE 9.1 and configured it via Webmin. Working fine, but I don't understand the logging options.

1. Snort alerts are being logged in the auth.log and warn log files. How do I stop that and make it log into a snort.log logfile in the /var/log/snort dir?

2. In the /var/log/snort dir there are hundreds of #*$!.xxx.xxx.xxx dirs with tcpdumps in them. Is there any need for this? How do I turn it off? Can it just be set to dump to one file and not hundreds of individual ones?

MattyMoose

7:11 pm on Dec 15, 2004 (gmt 0)

1) It looks like Snort is logging to syslog; you want to change the conf file to log to a file. I can't remember off the top of my head how to do that.

2) Those files are tcpdumps of the alerts. Basically you'd associate an alert (with an IP) with the dump file. It wouldn't make much sense to combine all the dump files into one, since it would be a nightmare trying to go through them all. This way, they're all segregated into their own alerts, etc.
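The snort.conf change MattyMoose is thinking of, written out as an added example (this is not from the original thread, the SUSE package, or Webmin's generated config; it uses Snort 2.x output-plugin syntax). The commented-out line is the syslog setup that produces the symptoms in the question; the active lines are the file-based replacement. The log directory /var/log/snort and the filenames `alert` and `snort.log` are assumptions; output-plugin filenames are relative to the directory passed with `-l`.

```conf
# snort.conf, output section (Snort 2.x output plugins).
#
# BEFORE: alerts are handed to syslog with facility LOG_AUTH and priority
# LOG_ALERT. syslog.conf then decides where they land, which is how they
# show up in auth.log and warn. With no "output log_*" plugin configured,
# packet logging falls back to Snort's built-in ASCII logger, which creates
# one directory per IP address under the -l directory (assumed here to be
# /var/log/snort) and a decoded-packet file per session inside it.
#
#output alert_syslog: LOG_AUTH LOG_ALERT

# AFTER: alerts go to a text file, one line per alert:
#   /var/log/snort/alert
output alert_fast: alert

# Packets that triggered a rule go to a single pcap-format capture instead
# of a directory per IP. Snort appends a timestamp to the filename, so
# expect /var/log/snort/snort.log.<epoch>; read it back with
# "snort -r <file>" or "tcpdump -r <file>".
output log_tcpdump: snort.log

# Alternative if the decoded packet header should sit next to each alert
# (still a single file):
#output alert_full: alert.full
```

Two things to check besides the conf file. First, the command line the init script uses (on SuSE, assumed to be assembled from /etc/sysconfig/snort): `-s` forces syslog alerting and `-A` overrides the alert plugins regardless of what snort.conf says, and `-N` turns packet logging off entirely if the per-IP dumps are not wanted at all, while `-b` is the command-line equivalent of `log_tcpdump`. Second, the `-l` directory must be writable by the user Snort drops privileges to (`-u`/`-g`), or the file plugins fail silently at startup. The per-IP directories already on disk are not cleaned up by the change; remove them by hand once the new files are being written.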