Snort mailing list archives
snort and syslog
From: "Douglas F. Elznic" <dfe () anize org>
Date: 22 Jul 2001 22:13:04 -0400
Hello,

I have a real easy question about snort and syslog. I am obviously missing something...

I have the following line in my snort.conf:

    output alert_syslog: LOG_AUTH LOG_ALERT

Snort gets started like this:

    echo -n "Starting snort: "
    daemon /usr/sbin/snort -u snort -g snort -d -D \
        -l /var/log/snort -b -i $INTERFACE -c /etc/snort/snort.conf

and I thought I should send the messages to a remote host with a syslog entry like this:

    snort.* @loghost

But that does not work. If I do *.* I get all the messages sent to the remote host like you would expect. How do I get it to only send snort messages?

Thanks in advance. I know I am missing something real stupid here...

-- 
+---------------------+---------------------------------------------------+
| Douglas Elznic      | GPG Key: <dfe () anize org> 0x13300731            |
+---------------------+---------------------------------------------------+
| Thinker-@-Large     | Pub Key:                                          |
| dfe () anize org    | http://web.syr.edu/~dfelznic/dfe.asc              |
| dfelznic () syr edu | Fingerprint:                                      |
| dfe () lsb syr edu  | EF9C 7E3C 0327 EAAF 1E20 5299 0805 7531 1330 0731 |
| http://anize.org    | * This key will be used for all email addresses * |
+-------------------------------------------------------------------------+
| All emails should be accompanied by a gpg signature.                    |
+-------------------------------------------------------------------------+
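Added example, not part of the original post or of Snort or syslogd: a small model of classic syslog.conf selector matching (facility.priority, where a named priority means "that severity or more urgent"), run against a message logged the way `output alert_syslog: LOG_AUTH LOG_ALERT` requests. The function names are hypothetical, and the numeric codes are the standard syslog facility and severity values.

```python
# Added example: classic syslog.conf selectors match on facility and priority,
# never on the name of the program that logged the message.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10}
FACILITIES.update({f"local{n}": 16 + n for n in range(8)})
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def parse_selector(selector):
    """Return (set of facility codes, least urgent severity accepted)."""
    facility, _, priority = selector.partition(".")
    if facility == "*":
        codes = set(FACILITIES.values())
    elif facility in FACILITIES:
        codes = {FACILITIES[facility]}
    else:
        raise ValueError(f"unknown facility name: {facility!r}")
    if priority == "*":
        level = PRIORITIES["debug"]
    elif priority in PRIORITIES:
        level = PRIORITIES[priority]
    else:
        raise ValueError(f"unknown priority name: {priority!r}")
    return codes, level


def selector_matches(selector, facility, priority):
    """True if a message with this facility/priority would be forwarded."""
    try:
        codes, level = parse_selector(selector)
    except ValueError:
        return False  # an unparsable selector forwards nothing
    # Lower number means more urgent; "auth.alert" accepts alert and emerg.
    return FACILITIES[facility] in codes and PRIORITIES[priority] <= level


def pri_value(facility, priority):
    """The <PRI> number carried on the wire: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + PRIORITIES[priority]


if __name__ == "__main__":
    # Message as produced with LOG_AUTH LOG_ALERT: facility auth, priority alert.
    for sel in ("snort.*", "*.*", "auth.alert"):
        print(f"{sel:12} -> {selector_matches(sel, 'auth', 'alert')}")
```

In this model `auth.alert` also forwards any other program's auth messages at alert or above, so a dedicated facility such as one of local0 to local7 is the usual way to keep one program's messages separate.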
Current thread:
- snort and syslog Douglas F. Elznic (Jul 22)
- Re: snort and syslog John Sage (Jul 23)
- <Possible follow-ups>
- RE: snort and syslog Shriman Gurung (Jul 23)