Snort mailing list archives
Re: A little Off Topic : syslog configuration
From: Erek Adams <erek () snort org>
Date: Wed, 17 Sep 2003 08:51:07 -0400 (EDT)
On Tue, 16 Sep 2003, Dave Morrow wrote:
> Hi all. My question is a little off topic, but hopefully someone will be kind enough to lend a hand. I am in the process of actually performing some intrusion detection, using Snort, ACID, etc., and am having some degree of difficulty with Syslog. What I would like to do is have syslog messages which originate from a specific host put in a specific logfile for insertion into the snort database by logsnorter. How would one configure syslog.conf to force all messages coming from, say, host1 into a particular file, e.g. /var/log/host1.log?
Two things:

* I don't think that 'standard' syslog (vixie style) can do that. You'll have to move to syslog-ng or something like it. Perhaps Metalog (Gentoo Linux distro).

* Dude, trim the default sig your company has! :) You've got 4 penalty drinks [0] just from that! You'll get obliterated by the time you read your email for the day! ;-)

Cheers!

*clink* ;-)

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
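The per-host split asked about above, sketched as a syslog-ng configuration (an added example, not part of the original post or the reply). The names s_net, f_host1 and d_host1, the UDP listener and the 192.0.2.10 address are constructed placeholders; host1 and /var/log/host1.log come from the question.

```conf
# Receive remote syslog over UDP/514 (classic udp() driver; newer
# syslog-ng releases also provide network() for the same purpose).
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Match messages whose HOST field is exactly "host1".
# host() takes a regular expression, so anchor it to avoid
# also matching names such as "host10".
filter f_host1 {
    host("^host1$");
};

# Alternative: match on the sender's source address instead of the
# name carried in the message. 192.0.2.10 is a placeholder address.
# filter f_host1 {
#     netmask("192.0.2.10/32");
# };

# Dedicated file for that host, readable only by the owner and group
# that the log-import job runs as.
destination d_host1 {
    file("/var/log/host1.log" perm(0640));
};

# Route matching messages to the file; flags(final) stops them from
# also being written by later log statements.
log {
    source(s_net);
    filter(f_host1);
    destination(d_host1);
    flags(final);
};
```

The HOST field is supplied by the sender and plain UDP syslog is unauthenticated, so treat the per-host file as attributed by claim, not by proof, before loading it into the database.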