Snort mailing list archives

Re: Is the -s switch still there?


From: Erek Adams <erek () snort org>
Date: Thu, 21 Aug 2003 19:13:27 -0400 (EDT)

On Thu, 21 Aug 2003, Donald Heffernan wrote:


> Is the -s switch still a feature? I have been using Snort for years in a
> very low tech way on my home network. I don't have it output to a DB. I
> simply modified a copy of Andy Swan's snort2html and used that to
> generate an html file from alerts posted to /var/log/secure with the -s
> switch. I just upgraded to a 2.x version of Snort and find that no
> alerts are going to /var/log/secure when I start it with the -s switch.

From the output of 'snort -?':

[...]
        -s         Log alert messages to syslog
[...]

Still works as it did.  Check and see where your syslog.conf is logging
the auth.info facility to.

> Can I still do this? Alternatively, does anyone have a simple script for
> quickly viewing alerts from /var/log/snort or from alert_fast? I don't
> get enough traffic to warrant an elaborate setup.

Sure!

        tail -f /var/log/snort/alert

Can't get too much simpler than that! ;-)  Seriously, that may work for
you, or you might want something a bit more.  Check out the report
generators on the Snort website.  There's about 5 or so in the contrib
download section.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
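For anyone who wants one step up from `tail -f` without a database: the
following is an added example (not code from the original thread, and not
one of the contrib report generators) that reads Snort 2.x fast-alert lines
(the `alert_fast` output plugin, or `-A fast`) and prints a count per
signature and per source address. It assumes the fast-alert line layout
`MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: c]
[Priority: p] {PROTO} src:port -> dst:port`, with the Classification,
Priority and port fields optional (ICMP alerts carry no ports). The file
path `/var/log/snort/alert`, the sample lines and the SIDs in the local
1000000+ range are constructed for illustration.

```python
#!/usr/bin/env python3
"""Summarize Snort 2.x fast-alert lines by signature and by source address.

Added example, not part of the original mailing-list thread. It assumes the
alert_fast / -A fast line format (see lead-in); lines that do not match are
counted as unparsed rather than silently dropped, so a format change shows up.
"""
import re
import sys
from collections import Counter

# One fast-alert line. Classification, Priority and the two port fields are
# optional; the message is matched lazily up to the closing "[**]".
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<pri>\d+)\]\s+)?"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input (not real Snort output); SIDs are in the local range.
SAMPLE = """\
08/21-19:13:27.123456  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.5:4321 -> 192.168.1.1:80
08/21-19:13:28.000001  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.5:4322 -> 192.168.1.1:80
08/21-19:14:02.555555  [**] [1:1000002:2] LOCAL ping seen [**] {ICMP} 192.168.1.7 -> 192.168.1.1
this line is not an alert
"""


def parse_alert(line):
    """Return a dict of fields for one fast-alert line, or None if it does not match."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    fields["pri"] = int(fields["pri"]) if fields["pri"] is not None else None
    return fields


def summarize(lines):
    """Count alerts per (sid, msg) and per source IP; also count unparsed lines."""
    by_sig = Counter()
    by_src = Counter()
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1
            continue
        by_sig[(alert["sid"], alert["msg"])] += 1
        by_src[alert["src"]] += 1
    return by_sig, by_src, unparsed


def report(by_sig, by_src, unparsed, top=10):
    """Render the counters as plain text, most frequent first."""
    out = ["Alerts by signature:"]
    for (sid, msg), n in by_sig.most_common(top):
        out.append(f"  {n:6d}  sid {sid}  {msg}")
    out.append("Alerts by source address:")
    for src, n in by_src.most_common(top):
        out.append(f"  {n:6d}  {src}")
    if unparsed:
        out.append(f"({unparsed} line(s) did not match the fast-alert format)")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: alertsum.py [/var/log/snort/alert]; with no argument the
    # constructed sample above is used so the script runs offline.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE.splitlines()
    print(report(*summarize(lines)))
```

Run it against the live alert file (`alertsum.py /var/log/snort/alert`) or,
in the spirit of the `tail -f` answer, pipe a window of recent lines into it
with `tail -n 200 /var/log/snort/alert | python3 alertsum.py /dev/stdin`.
The unparsed-line counter is there on purpose: if you change the output
plugin (for example to `alert_full`) the script tells you instead of
quietly reporting zero alerts.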


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

