Ticket #15 (closed defect: fixed)

Opened 10 years ago

Last modified 9 years ago

Snort text logs no longer being generated

Reported by: david
Owned by: rmcmillen
Priority: major
Milestone: roo-1.4
Component: Honeywall
Version: 1.4b2
Keywords:
Cc:

Description

Previous honeywall releases wrote snort alert logs to /var/log/snort. V1.4 no longer does this, which means that the snort log viewer in the admin console is always empty (and text logs are not available for processing by other non-honeywall tools).

Change History

Changed 10 years ago by rmcmillen

  • owner changed from [email protected] to rmcmillen
  • status changed from new to assigned

hflow2 now comes with its own modified version of snort. The snort.conf that hflow comes with no longer includes the following:

    output alert_full: snort_full
    output alert_fast: snort_fast

Also, the snort associated with hflow is no longer rotated daily. Need to figure out how we want to handle this, but more than likely, the hflow-config-hw will have to deal with it.

Changed 10 years ago by rmcmillen

  • status changed from assigned to closed
  • resolution set to fixed

Made changes to the snort spec file so that it would create these logs (See https://projects.honeynet.org/hflow/changeset/12). The new rpm is snort-2.6.1.5-9.hflow2.i386.rpm, and should be available in the honeywall repo for version 1.4 soon. This is only a temporary fix to the overall logging problem.

Changed 9 years ago by honey09

Dear All,

I am a student working on a project. I have problems while running the honeywall installed from this iso

"roo-1.4.hw-20090425114542.iso - This release updates the base operating system. MD5 (roo-1.4.hw-20090425114542.iso.sums)".

  1. I couldn’t view sebek data as graph processes
  2. snort_full and snort_fast are empty

I read this post https://projects.honeynet.org/honeywall/ticket/15, but I am not clear.

Any help is appreciated

Best regards,

Beginner
