Snort mailing list archives
Re: Remote Syslog...
From: Erek Adams <erek () snort org>
Date: Tue, 7 Oct 2003 08:54:21 -0400 (EDT)
On Mon, 6 Oct 2003, Mike Koponick wrote:

> I have been trying to configure snort to log to a remote syslog server.

[...snip...]

> I'm using 2.0 Snort on Linux 9.0.

*bzzzttt* No such animal as "Linux 9.0". Linux is currently at 2.4.x kernel level. Various distros have naming schemes that might fit the 9.0 statement. Yes, it seems minor, but it's really not--It really helps to know exactly what you're dealing with while troubleshooting. Perhaps you meant "RedHat 9.0"?

> Syslog.conf: auth.alert @console

You really need to read the man page for syslog.conf. Here's a snippet from my OpenBSD box that might shed some light on that for you:

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                 *
    *.emerg                                 @arpa.berkeley.edu

So to adapt that to you:

    auth.alert                              @some.other.host

And then you'll need to change some.other.host's syslog.conf so that it will send those alerts to console.

> /usr/local/bin/snort -o -z -i eth1 -d -D -c \
> /etc/snort/snort.conf -I -A full -s console:514

*bzzzt* Snort does not take any options for Syslog output. It logs to a local syslog daemon, and that daemon sends it onto a remote one.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
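
Added example (not part of the original post and not Snort or syslogd code): a small Python resolver for the syslog.conf forwarding rules discussed above. It reports which actions fire for a given facility and level, and shows that `auth.alert @console` is read as "forward to a host named console". It assumes a subset of the selector syntax (comma-separated facilities, `;`-joined selectors, `*` and `none`), and the sample configuration is constructed from the lines quoted in the post.

```python
# Added example: which syslog.conf actions fire for one (facility, level)?
# Assumption: subset of the syntax only -- "fac[,fac].level" selectors joined
# by ";", "*" wildcards and "none"; no "=" or "!" modifiers.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample, built from the lines quoted in the post.
SAMPLE = """\
# Everybody gets emergency messages, plus log them on another machine.
*.emerg             *
*.emerg             @arpa.berkeley.edu
auth.alert          @some.other.host
*.info;auth.none    /var/log/messages
"""

def selector_matches(selector, facility, level):
    """True/False if the selector covers the facility, None if it is silent."""
    facs, _, want = selector.partition(".")
    if facs != "*" and facility not in facs.split(","):
        return None
    if want == "none":
        return False
    # A named level matches that severity and everything more severe.
    return want == "*" or LEVELS.index(level) >= LEVELS.index(want)

def classify(action):
    """Map the action field to (kind, target)."""
    if action.startswith("@"):
        return ("remote", action[1:])   # forwarded to another syslogd
    if action == "*":
        return ("all-users", None)      # written to every logged-in user
    if action.startswith("/"):
        return ("file", action)         # local file or device
    return ("users", action)            # comma-separated user names

def route(conf_text, facility, level):
    """Return the classified actions of every line matching the message."""
    hits = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        matched = False
        for sel in selectors.split(";"):    # later selectors override earlier
            verdict = selector_matches(sel, facility, level)
            if verdict is not None:
                matched = verdict
        if matched:
            hits.append(classify(action.strip()))
    return hits
```

Calling `route("auth.alert @console", "auth", "alert")` returns a remote target named `console`, while the adapted line routes the same message to `some.other.host`.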