Snort logs



  • I wondered if there was a way to display the Snort logs from the command line.

    I have the pfSense on a KVM so I can view the screen locally rather than over SSH. From looking at the Snort package advanced tab, it mentions tcpdump logs. Could I view something similar to pftop from the main user menu? It would be very nice to see blocked IPs from Snort and what IPs are popping up.

    Sorry, but I don't have a clue how to follow / tail the dump file or where it is stored.

    If someone could shed some light on this, that would be great. Since I have upgraded to the latest version it has opened up a whole world of goodies for monitoring and protecting the system.

    Regards

    Sam



  • In the terminal:

    ee /var/log/snort/alert

    or

    tail -F /var/log/snort/alert




  • Thanks jamesdean.

    And to exit it's Ctrl-C, for those like me that didn't know :)

    I don't suppose there is a way of tailing the blocked IP list, is there? It would also be good from time to time to view the offenders in a nice format such as the blocked list.

    Regards

    Sam



  • To show all blocked IPs in the terminal:

    pfctl -t snort2c -Ts



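Putting the two answers together (the alert file and the snort2c table): the POSIX sh script below is an added example, not something from this thread or from the pfSense Snort package. It assumes the alert file is in Snort's one-line "fast" format and that the table dump is the text printed by `pfctl -t snort2c -Ts` as shown above; the alert lines, rule SIDs and addresses in it are constructed samples, not real traffic. It counts alerts per source IP and marks which of those sources are actually in the block table, which is exactly the gap between "what is popping up" and "what is blocked" that the question asks about.

```shell
#!/bin/sh
# Added example (not part of the thread or the pfSense Snort package).
# Summarise Snort "fast"-format alerts by source IP and check each source
# against a dump of the pf table the Snort package blocks into
# (`pfctl -t snort2c -Ts`). Paths and formats below are assumptions.

# Constructed sample alert lines in Snort's one-line "fast" format.
# SIDs are in the local range (1000000+) and the addresses are
# documentation prefixes; this is not real traffic.
SAMPLE_ALERTS='07/23-14:02:11.123456  [**] [1:1000001:1] LOCAL sample rule A [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.1.10:51234
07/23-14:02:15.000001  [**] [1:1000002:1] LOCAL sample rule B [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44012 -> 192.168.1.20:3306
07/23-14:02:19.555555  [**] [1:1000001:1] LOCAL sample rule A [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.1.10:51236
07/23-14:02:40.000000  [**] [1:1000003:1] LOCAL sample rule C [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.9:53 -> 192.168.1.10:40111
07/23-14:03:02.000000  [**] [1:1000001:1] LOCAL sample rule A [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.1.11:40000'

# Constructed stand-in for `pfctl -t snort2c -Ts` output: one address per
# line, indented as pfctl prints it. 198.51.100.7 alerted but is absent,
# as happens when a host is whitelisted or blocking is off on that interface.
SAMPLE_TABLE='   203.0.113.5
   192.0.2.9'

# Count alerts per source address. Reads fast-format lines on stdin and
# prints "count address", most frequent first. The source is the field just
# before "->"; the trailing :port is stripped (works for IPv4 and for the
# bracket-less IPv6 form Snort writes).
top_sources() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "->") { src = $(i - 1); sub(/:[0-9]+$/, "", src); n[src]++ }
    }
    END { for (s in n) printf "%d %s\n", n[s], s }' | sort -rn
}

# For each address on stdin, report whether it appears in the table dump
# passed as $1 (the text of `pfctl -t snort2c -Ts`). Exact match on the
# first field, so 203.0.113.5 does not match 203.0.113.50.
blocked_status() {
    table=$1
    while read -r ip; do
        if printf '%s\n' "$table" | awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }'; then
            printf '%s blocked\n' "$ip"
        else
            printf '%s not-blocked\n' "$ip"
        fi
    done
}

# Join the two views: alert count, address, and current block state.
# $1 = table dump text, $2 = alert file text.
report() {
    printf '%s\n' "$2" | top_sources | while read -r count ip; do
        printf '%s %s\n' "$count" "$(printf '%s\n' "$ip" | blocked_status "$1")"
    done
}

# Stand-alone demo on the constructed data. On a pfSense box with the Snort
# package the equivalent live call would be
#   report "$(pfctl -t snort2c -Ts)" "$(cat /var/log/snort/alert)"
# using the alert path given in the thread.
report "$SAMPLE_TABLE" "$SAMPLE_ALERTS"
```

Nothing here live-tails: awk needs end of input to count, so run it over a snapshot of the file and keep `tail -F` for watching the raw stream. For the table itself, `pfctl -t snort2c -T delete <ip>` removes one entry and `pfctl -t snort2c -T flush` empties it; these are standard pfctl table commands rather than anything the thread covers.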