Snort mailing list archives

Configuring output plugins


From: darek <darek () nyi net>
Date: Fri, 09 Aug 2002 12:14:32 -0400

Hey guys, I am trying to send alerts for locally defined rules (local.rules) to a logfile only, and all other alerts to Syslog.

In my snort.conf I defined:
ruletype art
{
 type log
 output alert_full: snort.log
}

and in my local.rules I have:
art tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( whatever; )

It doesn't appear to work. I am trying to understand the docs but they can be pretty tricky. Mayhaps someone could help with the syntax or shed some light on the whole output plugin system.

Thanks in advance.


