Snort mailing list archives

RE: Repost: Syslog, but I don't want it


From: Neil Dickey <neil () geol niu edu>
Date: Fri, 1 Jun 2001 10:24:21 -0500 (CDT)


Marc Thompson <Marc.Thompson () bops com> wrote:

> You recommended that I run snort without the -D (Daemon-mode)
> option.  I tried this, ran nmap, alerts fired but weren't sent
> to syslog.  This is the behavior that I want, so your idea worked.
>
> So, it seems that running snort in Daemon mode enables syslog
> logging via the LOCAL facility.  I imagine that this is by design.

For what it's worth, here's the command line in the script I use
to start Snort1.7 on my system ( Solaris2.7 ):

  snort -dD -h 111.222.333.444/24 -l $LOGPATH -c $RULESPATH/$RULESNAME -o

I think my variables make enough sense that you don't need me to
translate them.  ;-)  This arrangement works fine, in daemon mode,
and *without* logging to syslog.

Perhaps there is a problem with the RedHat implementation of Snort,
but it doesn't exist under Solaris.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
