Re: Logging problems on Windows using the -E switch

["Michael Steele" <michaels () winsnort com>]

For some reason my guide said it was 'output alert_syslog: LOG_AUTH LOG_ALERT' which did nothing. Then I was pointed to 
the -E switch, which only logs to the Application log.

This works :)

Best regards,
Michael...

> -----Original Message-----
> From: Todd Wease [mailto:twease () sourcefire com]
> Sent: Thursday, January 31, 2013 1:47 PM
> To: Michael Steele
> Cc: snort-devel () lists sourceforge net
> Subject: Re: [Snort-devel] Logging problems on Windows using the -E switch
>
> On Thu, Jan 31, 2013 at 1:30 PM, Michael Steele <michaels () winsnort com>
> wrote:
> > It’s been awhile since I used this function. Using the –E switch sends
> > events to the Windows Application Log, but cuts off logging to unified2.
> >
> >
> >
> > I believe the –E switch used to send events to the Application Log and
> > the ‘output database’ at the same time; Pre Barnyard2?
> >
> >
> >
> > Can this be fixed so the –E switch does not block other output logging
> > options?
> >
> >
> >
> > Best regards,
> >
> > Michael...
>
> Hi Michael,
>
> You should be able to get rid of the '-E' switch and add the following to your
> snort.conf:
>
>   output alert_syslog: LOG_AUTH LOG_INFO
>
> Todd



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!