Re: [ossec-list] Problem with snort

2017-12-04 Thread Uğur ÇİL
Hi,

I hope you reached a solution for your problem and if you did, can you share
the solution with me because I am struggling with the same problem for a
few days...

On Sunday, May 3, 2015 at 2:43:06 PM UTC+3, AMINE.E wrote:
>
> I know that snort full logs are multiple lines. And I didn't use
> ossec-logtest for testing.
> What I got each time is the first line of my snort full log. I want the
> others because they contain useful data like source_ip/source_port.
>
> On Sunday, May 3, 2015 at 12:56:00 AM UTC+1, dan (ddpbsd) wrote:
>>
>>
>> On May 2, 2015 7:51 PM, "AMINE.E"  wrote:
>> >
>> > Hi
>> >
>> > I have noticed something with snort-full log format, that it is not 
>> logging the full_log into "/var/ossec/logs/alerts/alert.log".
>> > it just takes the first line and logs it. And when i ran 
>> ossec-logcollector with debug mode i can see this : 
>>
>> It's been a while, but aren't snort full logs multiple lines? Including a
>> multi-line log inside a multi-line log might be a bit cumbersome.
>>
>> > 2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading syslog message: 
>> 
>> >
>> > syslog ? it is not what i have configured ossec to. Because : 
>> > <localfile>
>> >   <log_format>snort-full</log_format>
>> >   <location>/var/log/snort/alert</location>
>> > </localfile>
>>
>> I don't think ossec-logtest pays attention to that configuration.
>>
>> > where might be the problem ?
>> >
>>
>> I don't think there is one.
>>
>> > -- 
>> >
>> > --- 
>> > You received this message because you are subscribed to the Google 
>> Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Problem with snort

2015-05-03 Thread AMINE.E
I know that snort full logs are multiple lines. And I didn't use
ossec-logtest for testing.
What I got each time is the first line of my snort full log. I want the
others because they contain useful data like source_ip/source_port.

On Sunday, May 3, 2015 at 12:56:00 AM UTC+1, dan (ddpbsd) wrote:


 On May 2, 2015 7:51 PM, AMINE.E amine.e...@um5s.net.ma wrote:
 
  Hi
 
  I have noticed something with snort-full log format, that it is not 
 logging the full_log into /var/ossec/logs/alerts/alert.log.
  it just takes the first line and logs it. And when i ran 
 ossec-logcollector with debug mode i can see this : 

 It's been a while, but aren't snort full logs multiple lines? Including a
 multi-line log inside a multi-line log might be a bit cumbersome.

  2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading syslog message: 
 
 
  syslog ? it is not what i have configured ossec to. Because : 
  <localfile>
    <log_format>snort-full</log_format>
    <location>/var/log/snort/alert</location>
  </localfile>
 

 I don't think ossec-logtest pays attention to that configuration.

  where might be the problem ?
 

 I don't think there is one.


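The fields AMINE.E is missing (source and destination address and port) sit on the third line of each Snort full-format alert, which a reader that keeps only the first line never sees. As an added example that is not part of this thread or of OSSEC, the Python below parses a constructed Snort full alert file into one flat record per alert, so those fields survive when one line per event is all that gets kept. It assumes Snort's full alert layout as shown in the constructed sample and handles IPv4 addresses only.

```python
import re
# Constructed sample of Snort's "full" alert format (values made up): each alert
# spans several lines and alerts are separated by a blank line.
SAMPLE = """[**] [1:1000001:1] TEST sample signature [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/03-00:22:13.123456 192.0.2.10:54321 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:60 DF

[**] [1:1000002:3] TEST icmp signature [**]
[Classification: Misc activity] [Priority: 3]
05/03-00:22:14.000001 192.0.2.11 -> 198.51.100.5
ICMP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:84
"""
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.*?)\] \[Priority: (\d+)\]")
# "<timestamp> src[:port] -> dst[:port]"; IPv4 only, IPv6 colons would be ambiguous.
ADDR_RE = re.compile(r"^(\S+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")


def alert_blocks(text):
    """Yield each alert as a list of lines; a blank line ends a block."""
    block = []
    for line in text.splitlines() + [""]:  # sentinel flushes the last block
        if line.strip():
            block.append(line.rstrip())
        elif block:
            yield block
            block = []


def parse_alert(block):
    """Flatten one alert block to a dict, or None if it is not a well-formed alert."""
    head = HEADER_RE.match(block[0])
    cls = CLASS_RE.match(block[1]) if len(block) > 1 else None
    i = 2 if cls else 1  # the Classification line is absent for rules without classtype
    addr = ADDR_RE.match(block[i]) if len(block) > i + 1 and head else None
    if not addr:
        return None
    return {"sid": f"{head[1]}:{head[2]}:{head[3]}", "msg": head[4],
            "priority": int(cls[2]) if cls else None, "timestamp": addr[1],
            "src_ip": addr[2], "src_port": addr[3], "dst_ip": addr[4],
            "dst_port": addr[5], "proto": block[i + 1].split()[0]}


def flatten(text):
    """Render each alert as one line, so a line-oriented collector keeps src/dst."""
    lines = []
    for a in filter(None, map(parse_alert, alert_blocks(text))):
        src = a["src_ip"] + (":" + a["src_port"] if a["src_port"] else "")
        dst = a["dst_ip"] + (":" + a["dst_port"] if a["dst_port"] else "")
        lines.append(f"{a['timestamp']} snort: [{a['sid']}] {a['msg']} "
                     f"[Priority: {a['priority']}] {{{a['proto']}}} {src} -> {dst}")
    return lines
```

Running `flatten` over the real alert file and writing the result to a separate file gives a one-line-per-alert log that a single-line reader can consume.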


Re: [ossec-list] Problem with snort

2015-05-03 Thread AMINE.E
full

On Sunday, May 3, 2015 at 12:55:59 AM UTC+1, Eero Volotinen wrote:

 How snort logging is configured? Full or fast mode?
 On 3.5.2015 at 2.51 AM, AMINE.E amine.e...@um5s.net.ma wrote:

 Hi

 I have noticed something with snort-full log format, that it is not 
 logging the *full_log* into /var/ossec/logs/alerts/alert.log.
 it just takes the *first* line and logs it. And when i ran 
 ossec-logcollector with debug mode i can see this : 
 2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading *syslog* message: 
 

 syslog ? it is not what i have configured ossec to. Because : 
 <localfile>
   <log_format>snort-full</log_format>
   <location>/var/log/snort/alert</location>
 </localfile>

 where might be the problem ?



Re: [ossec-list] Problem with snort

2015-05-02 Thread Eero Volotinen
How snort logging is configured? Full or fast mode?
On 3.5.2015 at 2.51 AM, AMINE.E amine.eloui...@um5s.net.ma wrote:

 Hi

 I have noticed something with snort-full log format, that it is not
 logging the *full_log* into /var/ossec/logs/alerts/alert.log.
 it just takes the *first* line and logs it. And when i ran
 ossec-logcollector with debug mode i can see this :
 2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading *syslog* message:
 

 syslog ? it is not what i have configured ossec to. Because :
 <localfile>
   <log_format>snort-full</log_format>
   <location>/var/log/snort/alert</location>
 </localfile>

 where might be the problem ?



Re: [ossec-list] Problem with snort

2015-05-02 Thread dan (ddp)
On May 2, 2015 7:51 PM, AMINE.E amine.eloui...@um5s.net.ma wrote:

 Hi

 I have noticed something with snort-full log format, that it is not
logging the full_log into /var/ossec/logs/alerts/alert.log.
 it just takes the first line and logs it. And when i ran
ossec-logcollector with debug mode i can see this :

It's been a while, but aren't snort full logs multiple lines? Including a
multi-line log inside a multi-line log might be a bit cumbersome.

 2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading syslog message:


 syslog ? it is not what i have configured ossec to. Because :
 <localfile>
   <log_format>snort-full</log_format>
   <location>/var/log/snort/alert</location>
 </localfile>


I don't think ossec-logtest pays attention to that configuration.

 where might be the problem ?


I don't think there is one.



[ossec-list] Problem with snort

2015-05-02 Thread AMINE.E
Hi

I have noticed something with snort-full log format, that it is not logging 
the *full_log* into /var/ossec/logs/alerts/alert.log.
it just takes the *first* line and logs it. And when i ran 
ossec-logcollector with debug mode i can see this : 
2015/05/03 00:22:13 ossec-logcollector: DEBUG: Reading *syslog* message: 


syslog ? it is not what i have configured ossec to. Because : 
<localfile>
  <log_format>snort-full</log_format>
  <location>/var/log/snort/alert</location>
</localfile>

where might be the problem ?
