Snort mailing list archives
Re: logging to syslog
From: Chris Green <cmg () uab edu>
Date: Wed, 20 Feb 2002 10:14:46 -0600
Madhav Diwan <mdiwan () wagweb com> writes:
Is there a way to log alerts to the /var/log/secure file instead of the /var/log/messages file? I am using redhat 7.2 snort 1.8.3-5 and the following commandline in /etc/init.d/snortd: daemon /usr/sbin/snort -l /var/log/snort -d -D \ -i $INTERFACE -c /etc/snort/snort.conf /etc/snort/snort.conf is configured to log to syslog output alert_syslog: LOG_AUTH LOG_ALERT
rh 7.2 syslog.conf: # The authpriv file has restricted access. authpriv.* /var/log/secure try: output alert_syslog: LOG_AUTHPRIV LOG_ALERT according to rh 7.2 syslog(3), LOG_AUTH security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead) LOG_AUTHPRIV security/authorization messages (private) obsd 3.0's LOG_AUTH The authorization system: login(1), su(1), getty(8), etc. LOG_AUTHPRIV The same as LOG_AUTH, but logged to a file readable only by selected individuals. so it does seem atleast 2 people agree that AUTHPRIV stuff goes to secure which is where trusted admins can look rather than pimply faced youths.
but the messages end up in the messages file and i want them to go to the secure file as they did in snort 1.7. --
Chris Green <cmg () uab edu> To err is human, to moo bovine. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- logging to syslog Madhav Diwan (Feb 20)
- Re: logging to syslog Chris Green (Feb 20)
- Re: logging to syslog Madhav Diwan (Feb 20)
- <Possible follow-ups>
- RE: logging to syslog Chris Arnold (Feb 20)
- Re: logging to syslog Chris Green (Feb 20)