Snort mailing list archives
strange problem with syslog in 2.20
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 2 Sep 2004 21:16:26 +1200
I've just upgraded our dev Snort server from 2.1.3 to 2.2.0 and it seems the syslog output processor is broken.

Here's the config:

    grep ^out /etc/snort/snort.conf
    output alert_syslog: LOG_AUTH LOG_ALERT
    output database: log, mysql,....

..and here's how snort is called

    /usr/sbin/snort-mysql-220 -i eth2 -c \
      /etc/snort/snort.conf -U -y -u snort -g \
      snort -e -o -I -l log -t /var/log/snort not esp

When I trigger an alert, it shows up in MySQL - but doesn't *normally* show up in syslog. I'd say around 90% fail to show up.

If I move back to 2.1.3 WITH THE SAME CONFIG - it all works again.

BTW, this is with syslog-ng under RH7 if that makes a difference.

Any ideas?

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1