Are Snort Intrusion Alerts Automatically Saved on the Harddisk by Default?
-
Hi,
I came across some Snort IDS settings.
The first setting is:
Services / Snort / Edit Interface / WAN
Snort will send Alerts to the firewall's system logs
The 2nd setting is:
Services / Snort / Alerts
Download Alert Log Actions
Does this mean that Snort IDS will not save intrusion alerts automatically to the filesystem by default?
If Snort IDS does save intrusion alerts automatically on the hard disk by default, where are they saved, i.e. full path?
-
They'll be under /var/log/snort :-
[2.4.2-RELEASE][admin@pfsense]/var/log/snort: ls -alg
total 100
drwxr-xr-x 9 root wheel 512 Jan 5 20:52 .
drwxr-xr-x 7 root wheel 1024 Dec 19 20:59 ..
-rw-rw---- 1 root wheel 0 Dec 22 12:17 alert
drw-rw---- 3 root wheel 4096 Jan 15 11:15 snort_igb0.256577
drw-rw---- 3 root wheel 512 Jan 13 00:08 snort_igb0.343654
drw-rw---- 3 root wheel 2048 Jan 15 00:20 snort_igb0.427080
drw-rw---- 3 root wheel 3072 Jan 15 00:20 snort_igb0.516395
drw-rw---- 3 root wheel 2048 Jan 15 00:20 snort_igb0.658303
drw-rw---- 3 root wheel 512 Dec 19 21:10 snort_igb035478
drw-rw---- 3 root wheel 12288 Jan 15 09:05 snort_pppoe054518
-rw-rw---- 1 root wheel 56255 Jan 15 18:05 snort_rules_update.log
[2.4.2-RELEASE][admin@pfsense]/var/log/snort:
The entries in red are directories, the info is stored under here.
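Added example, not part of the original thread: a POSIX sh function that walks a log root laid out like the listing above and reports, for each per-interface directory, whether an alert file is present and how much it holds. The file name `alert` inside each `snort_*` directory is an assumption (the thread only shows the top-level listing), and the function name is hypothetical.

```shell
#!/bin/sh
# Inventory per-interface Snort alert files under a pfSense-style log root.
# Assumption: every snort_<interface><id> directory holds a file named "alert".
# Usage: snort_alert_inventory /var/log/snort

snort_alert_inventory() {
    root="${1:-/var/log/snort}"
    if [ ! -d "$root" ]; then
        echo "no such directory: $root" >&2
        return 2
    fi

    found=0
    for dir in "$root"/snort_*; do
        # Skips plain files such as snort_rules_update.log and an unmatched glob.
        [ -d "$dir" ] || continue
        found=1
        name="${dir##*/}"
        file="$dir/alert"

        if [ ! -f "$file" ]; then
            # Interface directory exists but nothing has been logged to disk.
            printf '%s\tMISSING\n' "$name"
        elif [ ! -s "$file" ]; then
            # File exists but is zero bytes, like the top-level "alert" in the listing.
            printf '%s\tEMPTY\n' "$name"
        else
            lines=$(wc -l < "$file" | tr -d ' ')
            bytes=$(wc -c < "$file" | tr -d ' ')
            printf '%s\t%s lines\t%s bytes\n' "$name" "$lines" "$bytes"
        fi
    done

    if [ "$found" -ne 1 ]; then
        echo "no snort_* directories under $root" >&2
        return 1
    fi
    return 0
}
```

Running it as root is needed on a box where the directories carry the restrictive modes shown in the listing.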