Snort mailing list archives

Snort Standard out / error logging (UNCLASSIFIED)


From: "Wright, Jonathon S CTR (US)" <jonathon.s.wright.ctr () mail mil>
Date: Wed, 19 Feb 2014 20:38:06 +0000

Classification: UNCLASSIFIED
Caveats: NONE

Hey list, 

This might be an easy one. So I know that you can change the logging
directory with the -l option, but that is specifically for snort alerts.
I'm looking to change the standard out and error logging directory.

Here is how I start up snort now:

/usr/sbin/snort -D -i em1 -u my_user -g my_group -c /usr/local/etc/snort/snort.conf -l /var/data/snort -F /usr/local/etc/snort/filter.conf -m 027 --pid-path /var/data/snort --nolock-pidfile


I'm running RHEL 6.5 64bit with snort 2.9.5.6, and during startup, all the
information / warnings go to /var/log/messages. I want the standard out /
error messages (2&1) to go to something like /var/log/snort. I'm looking for
a similar solution for barnyard2 as well. Is it as simple as redirecting the
/etc/init.d/snortd startup to 2&1 >> /var/log/snort, or is there a CLI
option I can add to my startup line above to achieve the same thing?

Thanks!

JW
