Snort mailing list archives

help with snort output to syslog - solaris


From: David Lundy <dlundy () PACIFIC EDU>
Date: Thu, 21 Jul 2011 20:10:37 +0000

I have been unsuccessful in getting snort to output to syslog.  I am trying to log locally on syslog with a view to 
sending syslog to a SIEM on another machine.

Operating System: Solaris 10 8/07 SPARC

Snort version:  2.9.0.5

Launching snort with this command, although I have tried other variations:

/usr/local/bin/snort -A full -s -i nxge0 -u snort -g snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort

Relevant lines from snort.conf:

# syslog
output alert_syslog: LOG_LOCAL5 LOG_ALERT

Relevant lines from syslog.conf

# Local logs for thor
local5.info                     /var/log/snortlog

I have verified that syslog does log local5 messages using logger.  Snort seems to be working except for syslog logging.

Would appreciate help.

David Lundy

------------------------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898
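
Added example, not part of the original post and not Snort or Solaris code: a small checker that reads the facility and priority from an `output alert_syslog:` line and evaluates which syslog.conf rules select it, also flagging selector/action separators that are not tabs, since Solaris syslog.conf(4) requires tabs there. The selector logic is a simplified model, the function names are hypothetical, and the sample input is constructed from the values quoted above.

```python
import re

# syslog.conf severity names, most urgent first (lower index = more urgent).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = re.compile(r"^(auth|authpriv|daemon|user|local[0-7])$")

def snort_syslog_target(snort_conf):
    """Return (facility, level) that 'output alert_syslog:' will log with."""
    for line in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog\s*:\s*(.*)", line)
        if not m:
            continue
        fac, lvl = "auth", "alert"  # Snort defaults: LOG_AUTH, LOG_ALERT
        for tok in m.group(1).replace(",", " ").split():
            name = re.sub(r"^LOG_", "", tok.upper()).lower()
            if name in LEVELS:
                lvl = name
            elif FACILITY.match(name):
                fac = name          # option flags such as LOG_PID are skipped
        return fac, lvl
    return None

def selector_matches(selector, fac, lvl):
    """Simplified syslog.conf selector model (an assumption): a later entry
    for the same facility overrides an earlier one; 'none' excludes it."""
    hit = False
    for part in selector.split(";"):
        facs, _, level = part.partition(".")
        if fac in facs.split(",") or "*" in facs.split(","):
            hit = level in LEVELS and LEVELS.index(lvl) <= LEVELS.index(level)
    return hit

def routes(syslog_conf, fac, lvl):
    """List (action, tabs_only) for each rule that selects fac.lvl."""
    found = []
    for line in syslog_conf.splitlines():
        m = re.match(r"([^#\s]\S*)([ \t]+)(\S.*)$", line)
        if m and selector_matches(m.group(1), fac, lvl):
            found.append((m.group(3), set(m.group(2)) == {"\t"}))
    return found

# Constructed sample input built from the values quoted in the post; the
# second rule is invented to show a space-separated line being flagged.
SNORT_CONF = "# syslog\noutput alert_syslog: LOG_LOCAL5 LOG_ALERT\n"
SYSLOG_CONF = ("# Local logs for thor\n"
               "local5.info\t\t\t/var/log/snortlog\n"
               "local5.debug    /var/log/snortdebug\n")

if __name__ == "__main__":
    fac, lvl = snort_syslog_target(SNORT_CONF)
    print("snort logs as %s.%s" % (fac, lvl))
    for action, tabs_only in routes(SYSLOG_CONF, fac, lvl):
        print(action, "ok" if tabs_only else "separator is not tabs only")
```

A `local5.info` selector covers `local5.alert`, because a selector level matches that severity and everything more urgent.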

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net