debugging snort

How to enable DEBUG logs in SNORT IDS?


I would like to know how to enable DEBUG logs in SNORT (installed version snort-2.9.11-1.f25.x86_64.rpm downloaded from www.snort.org in Ubuntu 16.04). I cannot see any parameter related to this in the snort command-line help. Is it necessary to recompile it or something?

Thank you and best regards


Solution

  • Sorry for this. After some hours searching and posting this question, I somehow managed to get the answer almost right after posting :-/

    From jasonish, to enable debug in SNORT:

    1. Build from source code enabling that option with

      make distclean; ./configure --enable-debug; make
      
    2. After that, enable the log level by exporting the following variable:

      export SNORT_DEBUG=<debuglevel> 
      
    3. Finally, run SNORT. The value for debuglevel can be chosen from the list in debug.h

    Hope this helps someone else besides me ^_^
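
As an added example (not part of the original answer and not Snort project code): a shell helper that ORs named flags from a debug header into the number to export as SNORT_DEBUG in step 2. The function name `snort_debug_mask`, the header path argument and the sample `#define` lines are assumptions constructed for illustration; read the real flag names and values from debug.h in your own source tree.

```shell
#!/bin/sh
# Added example: build a SNORT_DEBUG bitmask from flag names in a debug header.

# Constructed sample in the "#define NAME 0x...LL" style; not copied from Snort.
sample_header() {
cat <<'EOF'
#define DEBUG_INIT     0x0000000000000001LL
#define DEBUG_PLUGIN   0x0000000000000004LL
#define DEBUG_DECODE   0x0000000000000040LL
EOF
}

# snort_debug_mask HEADER FLAG...  (hypothetical helper)
# Prints the decimal OR of the named flags; fails on a flag the header lacks.
snort_debug_mask() {
    header=$1; shift
    mask=0
    for flag in "$@"; do
        # Take the value of "#define FLAG <hex>", dropping any U/L suffix,
        # and accept it only if it is a plain hex literal.
        value=$(awk -v f="$flag" '
            $1 == "#define" && $2 == f {
                sub(/[uUlL]+$/, "", $3)
                if ($3 ~ /^0[xX][0-9a-fA-F]+$/) print $3
                exit
            }' "$header")
        if [ -z "$value" ]; then
            echo "unknown or non-hex flag: $flag" >&2
            return 1
        fi
        mask=$(( mask | $value ))
    done
    echo "$mask"
}

# Stand-alone use: sh thisfile.sh path/to/debug.h FLAG [FLAG...]
if [ "$#" -ge 2 ]; then
    level=$(snort_debug_mask "$@") || exit 1
    echo "export SNORT_DEBUG=$level"
fi
```

The value is printed in decimal so it does not depend on how the debug build parses hexadecimal input.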