Snort mailing list archives
Re: About syslog messages in snort
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Fri, 21 Nov 2014 13:47:29 +0000
Thanks Robert, but according to snort's docs the -G flag is for eventid generated by one sensor ... Right??

On Fri, Nov 21, 2014 at 1:22 PM, Robert Millott <robm () millottandassociates com> wrote:
> Check out the -G option for starting snort. Also google it. I had some
> problems with it a few months back, but finally got it figured out. I think
> I posted the results, but if you need some more help, I can share what I've
> done.
>
> On Fri, Nov 21, 2014 at 2:34 AM, C. L. Martinez <carlopmart () gmail com> wrote:
>> Hi all
>>
>> I have installed two snort instances in one host (both are snort 2.9.7.0).
>> One snort instance has so_rules only and the other instance the rest of
>> the rules. Ok. I need to differentiate syslog messages between these snort
>> processes using, for example, a specific entry like "snort_so-sensor1" or
>> "snort-sensor2" and, if it is possible, redirect all snort's syslog entries
>> to a different log file.
>>
>> Is there some option when snort starts or inside conf file to do this??
>> I don't see anything about this in snort docs.
>>
>> Thanks.
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588
Current thread:
- About syslog messages in snort C. L. Martinez (Nov 20)
- Re: About syslog messages in snort Robert Millott (Nov 21)
- Re: About syslog messages in snort C. L. Martinez (Nov 21)
- Re: About syslog messages in snort Robert Millott (Nov 21)
- Re: About syslog messages in snort C. L. Martinez (Nov 21)
- Re: About syslog messages in snort C. L. Martinez (Nov 21)
- Re: About syslog messages in snort Robert Millott (Nov 21)