How to start the Snort service with logging enabled?

I set up Snort on a CentOS server and added it as a service. When I use the service snortd start command, the log file is created but it is empty. If I use the snort -q -l /var/log/snort command, the log file is created and filled with logs. What should I do in order to use service snortd start and have the logs work?
centos logs snort
edited Jun 20 '14 at 15:12
drs
asked Jun 20 '14 at 14:40
SLYN
3 Answers
Edit the init script and add -q -l /var/log/snort to snort. Save and restart the service.
answered Jun 20 '14 at 15:22
schaiba
You should modify the /etc/sysconfig/snort file as options will be read from there. LOGDIR (-l) is set to /var/log/snort by default.
answered Sep 30 '16 at 13:38
thisismydesign
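An added example, not from the answer's author or the Snort project: a shell check that reads LOGDIR from a sysconfig-style file, as the answer above describes, and reports whether that directory exists, is writable and holds any non-empty log file. The function names and status strings are illustrative assumptions; only LOGDIR and the file path come from the answer.

```bash
#!/bin/sh
# Added example: inspect the LOGDIR that a sysconfig-style file hands to the init script.
# Function names and status strings are illustrative, not part of Snort.

# Print the value of KEY from a KEY=value file without sourcing (executing) it.
# $1 = file, $2 = key. Commented-out lines are ignored, the last assignment wins,
# and one pair of surrounding quotes is stripped.
sysconfig_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Report why a service start could leave the log directory empty.
check_snort_logdir() {
    conf=$1
    [ -r "$conf" ] || { echo "no-config"; return 0; }
    logdir=$(sysconfig_get "$conf" LOGDIR)
    if [ -z "$logdir" ]; then echo "logdir-unset"; return 0; fi
    if [ ! -d "$logdir" ]; then echo "logdir-missing"; return 0; fi
    # -w tests the calling user, so run this as the account the daemon uses.
    if [ ! -w "$logdir" ]; then echo "logdir-not-writable"; return 0; fi
    # A non-empty regular file means something is actually being written.
    if [ -n "$(find "$logdir" -maxdepth 1 -type f -size +0c 2>/dev/null | head -n 1)" ]; then
        echo "ok-logging"
    else
        echo "ok-but-empty"
    fi
}

# Default to the path named in the answer when no argument is given.
check_snort_logdir "${1:-/etc/sysconfig/snort}"
```

A result of ok-but-empty matches the symptom in the question: the directory is usable, so the next thing to compare is the set of options the init script passes against the manual command line that does log.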
According to the Snort Manual v2.9.11, written under The Snort Project:
To read packets and record them to disk, we need to specify a logging directory; if not specified, by default it is created with the name log in the current directory. If the log directory is not configured in Snort, it exits with an error message.
So, you need to specify the logging directory in the init script when starting Snort itself, by typing:
./snort -q -dev -l /path/to/log/file
Now save the script and restart the service.
Also, consider giving your time to this script by markus1982. It would be really helpful.
answered Apr 2 at 19:02
C0deDaedalus