I have Snort configured on my virtual Ubuntu machine and have been stuck on this issue I'm having regarding Snort log files. I run the command to run Snort on my capfile.
snort -c /etc/snort/snort.conf -r /capfiles/capFile.pcapng
This is what my local.rules looks like:
config bpf_file: /etc/snort/bpf.conf
bpf.conf:
not host [ip_example] and not host [ip_example]
And finally, my snort.conf file, where I've changed some things; even after those changes it would still make the snort.log files filled with data. However, the log generation hasn't been changed.
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
/var/log/snort folder:
drwsrwsr-t 2 snort snort 4096 dec 15 22:28 ./
drwxrwxr-x 14 root syslog 4096 dec 15 21:56 ../
-rw-r--r-- 1 kali snort 0 dec 15 21:34 alert
-rw------- 1 kali snort 0 dec 15 22:28 snort.log
The only thing that could cause an issue (and I'm not sure how) is when I adjusted my local.rules file to include more log generation files, such as:
Previous local.rules file
I've tried rebooting my machine, deleting local.rules and making a new one, and also tried reinstalling Snort, yet nothing happens. My last hope is to completely install a new Ubuntu VM.
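Since the listed snort.log is 0 bytes, the first thing to establish is whether the unified2 writer ever emitted a record. The reader below is an added example, not code from the question or from Snort: it decodes the record types the posted output line enables (IPv4 event type 7, the VLAN event type 104 that vlan_event_types switches on, and packet type 2) using the field layout from Snort's unified2.h. The helper names, the file name u2read.py and the sample bytes are my own; the sample log is constructed inline, not real Snort output. An empty file parses to an empty list, which is exactly the state shown in the directory listing, and a file that is cut off mid-record raises an error instead of silently reporting fewer alerts.

```python
"""u2read.py: minimal reader for Snort unified2 log files (hypothetical helper).

Record layout, all fields network byte order (from Snort's unified2.h):
  header   : uint32 type, uint32 length, then `length` bytes of payload
  type 7   : UNIFIED2_IDS_EVENT, 52-byte IPv4 event
  type 104 : UNIFIED2_IDS_EVENT_VLAN, type 7 plus mpls_label, vlan_id, pad
  type 2   : UNIFIED2_PACKET, 28-byte header followed by the captured packet
"""
import socket
import struct
import sys

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_VLAN = 104

_EVENT_FMT = "!IIIIIIIIIIIHHBBBB"       # 52 bytes
_EVENT_VLAN_FMT = _EVENT_FMT + "IHH"    # 60 bytes: + mpls_label, vlan_id, pad
_PACKET_FMT = "!IIIIIII"                # 28-byte packet record header
_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def _ipv4(n):
    return socket.inet_ntoa(struct.pack("!I", n))


def _decode(rtype, body, offset):
    """Turn one record payload into a dict; unknown types are kept raw."""
    if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
        fmt = _EVENT_FMT if rtype == UNIFIED2_IDS_EVENT else _EVENT_VLAN_FMT
        need = struct.calcsize(fmt)
        if len(body) < need:
            raise ValueError(f"event record at offset {offset} is {len(body)} bytes, need {need}")
        fields = struct.unpack(fmt, body[:need])
        rec = dict(zip(_EVENT_FIELDS, fields))
        rec["type"] = "event"
        rec["ip_source"] = _ipv4(rec["ip_source"])
        rec["ip_destination"] = _ipv4(rec["ip_destination"])
        rec["sid"] = f'{rec["generator_id"]}:{rec["signature_id"]}:{rec["signature_revision"]}'
        if rtype == UNIFIED2_IDS_EVENT_VLAN:
            rec["mpls_label"], rec["vlan_id"] = fields[17], fields[18]
        return rec
    if rtype == UNIFIED2_PACKET:
        if len(body) < 28:
            raise ValueError(f"packet record at offset {offset} is shorter than its 28-byte header")
        hdr = struct.unpack(_PACKET_FMT, body[:28])
        return {"type": "packet", "event_id": hdr[1], "linktype": hdr[5],
                "packet_length": hdr[6], "packet": body[28:28 + hdr[6]]}
    return {"type": f"unknown({rtype})", "raw": body}


def parse_unified2(data):
    """Parse a whole unified2 file; b'' (a 0-byte snort.log) yields []."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 8:
            raise ValueError(f"truncated record header at offset {off}")
        rtype, rlen = struct.unpack_from("!II", data, off)
        body = data[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            raise ValueError(f"record type {rtype} at offset {off} claims {rlen} bytes, only {len(body)} present")
        records.append(_decode(rtype, body, off))
        off += 8 + rlen
    return records


def summarize(records):
    """Count alert events per gid:sid:rev; an empty dict means no alerts were written."""
    counts = {}
    for r in records:
        if r["type"] == "event":
            counts[r["sid"]] = counts.get(r["sid"], 0) + 1
    return counts


def read_log(path):
    with open(path, "rb") as fh:
        return parse_unified2(fh.read())


def build_sample_log():
    """Constructed sample bytes (not real Snort output): two events and one packet."""
    def ip(s):
        return struct.unpack("!I", socket.inet_aton(s))[0]

    def event(fmt, rtype, sid, src, dst, extra=()):
        body = struct.pack(fmt, 0, 1, 1700000000, 0, sid, 1, 1, 3, 2,
                           ip(src), ip(dst), 40000, 80, 6, 0, 0, 0, *extra)
        return struct.pack("!II", rtype, len(body)) + body

    e1 = event(_EVENT_FMT, UNIFIED2_IDS_EVENT, 1000001, "10.0.0.5", "192.0.2.10")
    e2 = event(_EVENT_VLAN_FMT, UNIFIED2_IDS_EVENT_VLAN, 1000002, "10.0.0.6", "192.0.2.10", (0, 100, 0))
    pkt = b"\xde\xad\xbe\xef"
    phdr = struct.pack(_PACKET_FMT, 0, 1, 1700000000, 1700000000, 0, 1, len(pkt))
    return e1 + e2 + struct.pack("!II", UNIFIED2_PACKET, len(phdr) + len(pkt)) + phdr + pkt


if __name__ == "__main__":
    recs = read_log(sys.argv[1]) if len(sys.argv) > 1 else parse_unified2(build_sample_log())
    print(f"{len(recs)} records, alerts per rule: {summarize(recs)}")
```

Run it as python3 u2read.py /var/log/snort/snort.log (the nostamp option in the posted output line is why the file has no timestamp suffix). "0 records" on a real file means Snort opened the unified2 output but never wrote an event, which points at the rules or the BPF filter rather than at the output plugin itself.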