Snort mailing list archives

logging location


From: Sean Browne <seanpbrowne () gmail com>
Date: Mon, 8 Sep 2014 21:50:09 +0100

Hi,

For testing/learning I have one rule:

alert ip any any -> any any ( msg:"Fred Alert"; content:"fred"; nocase; sid:1; )

When this rule is triggered, a message is written to my /var/log/messages
file. How can I tell snort to log it somewhere else? I want to index the
alerts/messages with SPLUNK but I don't want all the other stuff found in
/var/log/messages.

I also use the command line option b so any captured data is saved in a
pcap type file. This is completely separate, right? There are the traffic
dumps in one location and msgs/alerts somewhere else?

Many Thanks,

Sean
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
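As an added example (not part of Sean's message and not taken from the Snort project's own files), the following snort.conf output section shows the usual way to keep alerts out of /var/log/messages: alerts are written to their own file in the one-line "fast" format, and packet captures go to a separate pcap file, so a log indexer can be pointed at the alert file alone. The log directory /var/log/snort and the file names are assumptions chosen for the example.

```conf
# Added example, not from the original post or the Snort project.
# Assumes snort is started with -l /var/log/snort; relative file names
# below are created inside that directory.

# One line per alert (timestamp, [gid:sid:rev], msg, priority, proto,
# src -> dst).  Only this file needs to be indexed for alert searching.
# Do NOT also keep an "output alert_syslog" line or the -s switch, or the
# same alerts will continue to arrive in /var/log/messages via syslog.
output alert_fast: alert.fast

# Packet data for alerting traffic, in pcap format (the same format the
# -b command-line switch produces).  This is independent of the alert
# output above; Snort 2.x appends a timestamp to the file name.
output log_tcpdump: snort.pcap
```

The command-line equivalent of the first line is `-A fast` together with `-l /var/log/snort`, in which case the alert file is named `alert` in that directory; `-b` then behaves as in the original message and writes packets to a separate tcpdump-format file. Either way, alerts and packet dumps are distinct outputs, and the indexer only needs read access to the alert file.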