[Oisf-users] logging pb

Leonard Jacobs ljacobs at netsecuris.com
Fri Jun 14 17:14:59 UTC 2013


It has been my experience that the fast.log file will only be generated and appear after the first event that gets triggered occurs.  Are you sure the attack you ran will actually generate an alert or drop?
 
I can almost guarantee if you put your Suricata instance on the Internet that you will get a triggered alert or drop just with background "noise."
 
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Friday, June 14, 2013 11:30 AM
To: oisf-users at openinfosecfoundation.org
Subject: [Oisf-users] logging pb
 
I tested the IPS with the rules set to alert (because I want to change them to drop next), and I am using fast.log for alerts.
When I ran certain attacks, I did not find the fast.log file in my log directory, /var/log/suricata.
What can be the problem?
I only see two files: drop.log and stats.log.