Snort mailing list archives
Re: Syslog trouble
From: Rich Adamson <radamson () routers com>
Date: Tue, 29 May 2001 14:20:48 -0600
I'm sure this is an easy question, but it's been giving me trouble for a while. I can't seem to get anything to log to syslog. Logging is fine in the directories (I'm using 1.7).

This is the command line:

snort -i eth1 -D -s -l /var/log/snort

In snort.conf I've tried

output: alert_syslog: LOG_AUTH LOG_INFO

I have also tried without that and still nothing. I'm testing with the rule

alert any any any <> any any (msg: "STUFF: ";)

I'd like to see the alerts go to /var/log/messages. My syslog.conf looks to be ok. Haven't changed it from the default (rh 7.1).

Please reply to my address as well (I use digests).

Thanks
Mike,

To have snort send syslog messages, the command line must include "-s 10.1.1.1" as in...

snort -i eth0 -s 10.1.1.1 -D ... etc

The LOG_AUTH and LOG_INFO parameters have no useful purpose, as it appears the source code to handle changing these two parameters was never implemented.

Rich