Snort mailing list archives
RE: output alert_syslog
From: Steve Halligan <giermo () geeksquad com>
Date: Tue, 14 Jan 2003 13:40:00 -0600
You need to add a local5.none to the messages line in syslog.conf ...I think...
Hi, I've configured snort 1.9.0 to use syslog and edited syslog.conf so it logs local5.alert to /var/log/snort.alert but it's logging to that file AND /var/log/messages. I'd like to log to snort.alert only. Here is the relevant information:

snort.conf:

    [...]
    output alert_syslog: LOG_LOCAL5 LOG_ALERT
    output log_unified: filename snort.log, limit 128
    [...]

syslog.conf:

    *.err;*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
    security.*                                              /var/log/security
    auth.notice;auth.info;authpriv.info                     /var/log/auth.log
    mail.info                                               /var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg                                                 *
    local5.alert                                            /var/log/snort.alert
    console.info                                            /var/log/console.log

    # ls -l /var/log/snort.alert
    -rw-r--r-- 1 root wheel 2015 Jan 14 16:45 snort.alert
    # ls -l /var/log/snort/
    -rw-r--r-- 1 snort snort 489509 Jan 14 16:54 scan.log
    -rw-r--r-- 1 snort snort 1119 Jan 14 16:45 snort.alert
    -rw-r--r-- 1 snort snort 452 Jan 14 12:56 snort.log.1042555093
    -rw-r--r-- 1 snort snort 514 Jan 14 12:58 snort.log.1042556289
    -rw-r--r-- 1 snort snort 24 Jan 14 16:40 snort.log.1042569610

I'm running snort with this command line:

    /usr/local/bin/snort -D -c /usr/local/etc/snort.conf -i fxp0 -p -z -u snort \
        -g snort -m 022

Thanks in advance (and sorry if it is obvious),

--
Giovanni P. Tirloni
gpt () tirloni org

-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
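Added example, not part of the original thread: a simplified Python model of syslog.conf selector matching, showing why a local5.alert message lands in both files with the posted rules and what appending local5.none to the messages line changes. The rules are copied from the message above; the matcher is an assumption-laden sketch that ignores comparison flags such as "=" and "!" and lets the last item naming a facility decide.

```python
# Added illustration: simplified syslog.conf selector matching.
# Assumptions: no "=", "!", "<", ">" flags, no program/host blocks,
# and the last item in a selector that names the facility decides.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, priority):
    """True if a 'fac.pri;fac.pri' selector selects this facility/priority."""
    matched = False
    for item in selector.split(";"):
        facs, _, level = item.strip().rpartition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue                      # item does not concern this facility
        if level == "none":
            matched = False               # "none" excludes the facility
        elif level == "*":
            matched = True
        else:
            # "pri" selects that severity and anything more severe
            matched = PRIORITIES.index(priority) <= PRIORITIES.index(level)
    return matched

def destinations(rules, facility, priority):
    """Actions of every rule whose selector matches, in file order."""
    return [action for selector, action in rules
            if selector_matches(selector, facility, priority)]

# Rules copied from the syslog.conf quoted in the message.
ORIGINAL = [
    ("*.err;*.notice;kern.debug;lpr.info;mail.crit;news.err", "/var/log/messages"),
    ("security.*", "/var/log/security"),
    ("auth.notice;auth.info;authpriv.info", "/var/log/auth.log"),
    ("mail.info", "/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", "*"),
    ("local5.alert", "/var/log/snort.alert"),
    ("console.info", "/var/log/console.log"),
]

# The change suggested in the reply: local5.none on the messages line only.
FIXED = [(sel + ";local5.none" if act == "/var/log/messages" else sel, act)
         for sel, act in ORIGINAL]

if __name__ == "__main__":
    print("original:", destinations(ORIGINAL, "local5", "alert"))
    print("fixed:   ", destinations(FIXED, "local5", "alert"))
```

The wildcard items `*.err` and `*.notice` match local5 at alert severity because alert is more severe than both, which is why the dedicated local5.alert rule alone does not keep Snort alerts out of /var/log/messages.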
Current thread:
- output alert_syslog Giovanni P. Tirloni (Jan 14)
- Re: output alert_syslog Matt Kettler (Jan 14)
- <Possible follow-ups>
- RE: output alert_syslog Steve Halligan (Jan 14)