Snort mailing list archives
Re: Remote syslogging of snort
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 14 Jul 2004 13:23:15 -0500
Perfect. Thanks a lot.--On Wednesday, July 14, 2004 12:14:54 PM -0400 sekure <sekure () gmail com> wrote:
http://www.snort.org/docs/snort_manual/node20.html What you want is: alert_syslog: LOG_LOCAL1 LOG_DEBUG On Wed, 14 Jul 2004 10:37:53 -0500, Paul Schmehl <pauls () utdallas edu> wrote:I'm trying to set up snort to do remote sysloging. So I put this line in the snort.conf file: output alert_syslog: local1.debug But when I restart snort, I get this error message in /var/log/messages: WARNING /usr/local/etc/snort.conf (419) => Unrecognized syslog facility/priority: local1.debug Does snort not recognize the local logging facilities? Or do I have a syntax error? (/etc/syslog.conf reads "local1.debug @{sysloghost} Sysloghost /etc/syslog.conf reads "local1.debug /var/log/snort.log) Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: RE: Network Behaviour Anomoly Detection Martin Roesch (Jul 13)
- Remote syslogging of snort Paul Schmehl (Jul 14)
- Re: Remote syslogging of snort sekure (Jul 14)
- Re: Remote syslogging of snort Paul Schmehl (Jul 14)
- Re: Remote syslogging of snort sekure (Jul 14)
- Re: RE: Network Behaviour Anomoly Detection sekure (Jul 14)
- Re: RE: Network Behaviour Anomoly Detection Bamm Visscher (Jul 14)
- Re: RE: Network Behaviour Anomoly Detection Lawrence Reed (Jul 14)
- Re: RE: Network Behaviour Anomoly Detection Bamm Visscher (Jul 14)
- Remote syslogging of snort Paul Schmehl (Jul 14)