Regards,
I have installed Snort following the guidance of the Arch Wiki - Snort . After installing and setting things up, everything seems to be working fine with the alerts, but my problem is that snort is not writing logs to /var/log/snort.
$ sudo snort -q -c /etc/snort/snort.lua -i enp0s3 --daq-dir /usr/lib/daq -A alert_full
[**] [122:1:1] "(port_scan) TCP portscan" [**]
[Priority: 3]
04/01-18:07:26.883775 192.168.0.235:51836 -> 192.168.0.136:53
TCP TTL:64 TOS:0x0 ID:64346 IpLen:20 DgmLen:60 DF
******S* Seq: 0xBAEAE8A7 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 2161060197 0 NOP WS: 7
Contents of /var/log/snort after the alert:
$ sudo ls -la /var/log/snort
total 0
drwxr-x--- 1 snort snort 6 Apr 1 15:50 .
drwxr-xr-x 1 root root 166 Apr 1 18:05 ..
drwxr-x--- 1 snort snort 0 Apr 1 15:50 ol
Tried to specify the logs path with the following:
$ sudo snort -q -c /etc/snort/snort.lua -i enp0s3 --daq-dir /usr/lib/daq -A alert_full -l /var/log/snort
But it doesn't work.
I've searched over the internet, forums and on the Arch Wiki, but I haven't seen any relevant solutions.
Can anyone help?
Last edited by taxidriver_joe (2024-04-01 22:23:01)
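As an added example (not code from the thread), the snort.lua fragment below shows how Snort 3's alert_full logger is told to write into the log directory instead of stdout; it assumes Snort 3, the /etc/snort/snort.lua and /var/log/snort paths from the post, and that the user Snort runs as can write to that directory.

```lua
-- Added example, not from the thread: minimal output configuration for
-- /etc/snort/snort.lua so that `-A alert_full` produces a file under the
-- log directory rather than printing alerts to stdout.
-- Assumes Snort 3 and that /var/log/snort is writable by the user Snort
-- runs as (the directory in the listing above is owned by snort:snort).

-- Log directory; equivalent to passing -l /var/log/snort on the command line.
output =
{
    logdir = '/var/log/snort',
}

-- alert_full writes to stdout by default; file = true sends the same
-- output to <logdir>/alert_full.txt instead.
alert_full =
{
    file = true,
}
```

With this in place, `sudo snort -c /etc/snort/snort.lua -i enp0s3 --daq-dir /usr/lib/daq -A alert_full` should leave an alert_full.txt in /var/log/snort after the next alert; if the file still does not appear, check the process's write permission on that directory before looking further.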