Snort mailing list archives
RE: Snort logging to MySQL but not to syslog
From: Bahya NASSR EDDINE <bahya_nassr () yahoo fr>
Date: Wed, 14 Sep 2005 12:56:10 +0200 (CEST)
--- "Dahlmann, Stephan" <Stephan.Dahlmann () zapp com> wrote:
> Hi all, Is there a problem when both output plugins (database and alert_syslog) are activated?
No, there should be no problem when logging snort alerts to both a database and syslog. I am working on the same situation and everything is working correctly.

I actually log snort alerts to a file different from /var/log/messages (in addition to a database). I then used a LOG_LOCAL facility:

1. In snort.conf, add the line:
   output alert_syslog: LOG_LOCAL0
2. Then, in syslog.conf:
   - Modify the line that contains /var/log/messages and add local0.none, so that snort alerts won't be logged to the /var/log/messages file.
   - Add the line "local0.* /path/to/snort_log_file"; snort alerts will then be logged to the /path/to/snort_log_file file.

I hope this would be handy.
Regards
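A way to check the syslog.conf change described in the reply above, as an added example that is not part of the original post: it evaluates classic syslog.conf selectors and reports which destinations would receive a local0 message. The sample configurations are constructed, the `alert` priority is an assumption, and only plain `facility.priority`, `*` and `none` selectors are handled (no `=`/`!` modifiers or priority aliases).

```python
# Added example: which syslog.conf actions receive a given facility/priority?
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_matches(selector, facility, priority):
    """Evaluate one selector field such as '*.info;mail.none;local0.none'."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue
        if prio == "none":
            matched = False  # a later 'none' cancels an earlier match
        elif prio == "*":
            matched = True
        elif prio in PRIORITIES:
            # a plain priority means "this level or more severe"
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(prio)
    return matched

def destinations(conf_text, facility="local0", priority="alert"):
    """Return the actions (log files etc.) that would receive the message."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        selector, action = fields
        if selector_matches(selector, facility, priority):
            out.append(action.lstrip("-").strip())  # '-' prefix = no sync
    return out

# Constructed sample: a typical syslog.conf before the change.
BEFORE = """
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
"""
# Constructed sample: local0.none added, plus a dedicated local0 line.
AFTER = """
*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages
authpriv.*                                  /var/log/secure
local0.*                                    /path/to/snort_log_file
"""

if __name__ == "__main__":
    print("before:", destinations(BEFORE))
    print("after: ", destinations(AFTER))
```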
Current thread:
- Snort logging to MySQL but not to syslog Dahlmann, Stephan (Sep 14)
- RE: Snort logging to MySQL but not to syslog Bahya NASSR EDDINE (Sep 14)
- <Possible follow-ups>
- RE: Snort logging to MySQL but not to syslog Dahlmann, Stephan (Sep 14)