    Netgate Discussion Forum

    Snort Question

    pfSense Packages
    • LostInIgnorance

      I am wondering if anyone else gets double entries from snort inside their system logs.  If you do, does anyone know how to turn off the double logging or get rid of it doing the double logging?

      Dec 8 18:44:44 	snort[62526]: [ Number of null byte prefixed patterns trimmed: 25829 ]
      Dec 8 18:44:44 	snort[62526]: [ Number of null byte prefixed patterns trimmed: 25829 ]
      Dec 8 18:44:44 	snort[62526]:
      Dec 8 18:44:44 	snort[62526]:
      Dec 8 18:44:44 	snort[62526]: --== Initialization Complete ==--
      Dec 8 18:44:44 	snort[62526]: --== Initialization Complete ==--
      Dec 8 18:44:44 	snort[62526]: Snort initialization completed successfully (pid=62526)
      Dec 8 18:44:44 	snort[62526]: Snort initialization completed successfully (pid=62526)
      Dec 8 18:44:44 	snort[62526]: Not Using PCAP_FRAMES
      Dec 8 18:44:44 	snort[62526]: Not Using PCAP_FRAMES
      
      • tbaror

        @LostInIgnorance:

        I am wondering if anyone else gets double entries from snort inside their system logs.  If you do, does anyone know how to turn off the double logging or get rid of it doing the double logging?

        Dec 8 18:44:44 	snort[62526]: [ Number of null byte prefixed patterns trimmed: 25829 ]
        Dec 8 18:44:44 	snort[62526]: [ Number of null byte prefixed patterns trimmed: 25829 ]
        Dec 8 18:44:44 	snort[62526]:
        Dec 8 18:44:44 	snort[62526]:
        Dec 8 18:44:44 	snort[62526]: --== Initialization Complete ==--
        Dec 8 18:44:44 	snort[62526]: --== Initialization Complete ==--
        Dec 8 18:44:44 	snort[62526]: Snort initialization completed successfully (pid=62526)
        Dec 8 18:44:44 	snort[62526]: Snort initialization completed successfully (pid=62526)
        Dec 8 18:44:44 	snort[62526]: Not Using PCAP_FRAMES
        Dec 8 18:44:44 	snort[62526]: Not Using PCAP_FRAMES
        

        How many interfaces are you monitoring?

        • LostInIgnorance

          Just my wan

          • tbaror

            @LostInIgnorance:

            Just my wan

            OK, I thought you might be monitoring two interfaces, although the PID is showing the same.
            Anyway, I checked on our system using the 1.34 Snort package; it's the same as you mention, and it's monitoring only the LAN interface.

            Dec 10 09:34:14 	snort[32933]: +-------------------------------------------------
            Dec 10 09:34:14 	snort[32933]: [ Number of null byte prefixed patterns trimmed: 2382 ]
            Dec 10 09:34:14 	snort[32933]: [ Number of null byte prefixed patterns trimmed: 2382 ]
            Dec 10 09:34:14 	snort[32933]:
            Dec 10 09:34:14 	snort[32933]:
            Dec 10 09:34:14 	snort[32933]: --== Initialization Complete ==--
            Dec 10 09:34:14 	snort[32933]: --== Initialization Complete ==--
            Dec 10 09:34:14 	snort[32933]: Snort initialization completed successfully (pid=32933)
            Dec 10 09:34:14 	snort[32933]: Snort initialization completed successfully (pid=32933)
            Dec 10 09:34:14 	snort[32933]: Not Using PCAP_FRAMES
            Dec 10 09:34:14 	snort[32933]: Not Using PCAP_FRAMES
            
            
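The check discussed in the thread (doubled lines under one PID versus two Snort processes on two interfaces) can be run over an exported system log. This is an added example, not part of the original posts: the `duplicate_report` function, the regular expression and the sample lines are constructed here, and PID 70001 is made up to show the two-process case.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the thread's log format; PID 70001 is made up.
SAMPLE = """\
Dec 8 18:44:44 \tsnort[62526]: --== Initialization Complete ==--
Dec 8 18:44:44 \tsnort[62526]: --== Initialization Complete ==--
Dec 8 18:44:44 \tsnort[62526]: Not Using PCAP_FRAMES
Dec 8 18:44:44 \tsnort[62526]: Not Using PCAP_FRAMES
Dec 8 18:44:44 \tsnort[70001]: Not Using PCAP_FRAMES
"""

# "Mon D HH:MM:SS <whitespace> proc[pid]: message" (the message may be empty)
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\w+)\[(\d+)\]:\s?(.*)$")


def duplicate_report(text, proc="snort"):
    """Return (same_pid, multi_pid).

    same_pid:  {(timestamp, pid, message): count} for entries logged more
               than once by a single process in the same second.
    multi_pid: {(timestamp, message): [pids]} for entries logged in the
               same second by more than one process.
    """
    seen = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == proc:
            ts, _, pid, msg = m.groups()
            seen[(ts, pid, msg)] += 1

    same_pid = {key: n for key, n in seen.items() if n > 1}

    pids = defaultdict(set)
    for ts, pid, msg in seen:
        pids[(ts, msg)].add(pid)
    multi_pid = {key: sorted(p) for key, p in pids.items() if len(p) > 1}
    return same_pid, multi_pid


if __name__ == "__main__":
    same_pid, multi_pid = duplicate_report(SAMPLE)
    for (ts, pid, msg), n in same_pid.items():
        print(f"{ts} pid={pid} x{n}: {msg!r}")   # one process, logged twice
    for (ts, msg), plist in multi_pid.items():
        print(f"{ts} pids={plist}: {msg!r}")     # separate processes
```

Entries in `same_pid` match what both posters see: every copy carries one PID, so a second Snort process on another interface is not the source of the doubling.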