Snort mailing list archives

Re: Syslog trouble


From: Rich Adamson <radamson () routers com>
Date: Tue, 29 May 2001 14:20:48 -0600


 
I'm sure this is an easy question but it's been giving me trouble for a while.

I can't seem to get anything to log to syslog.  Logging is fine in the 
directories (I'm using 1.7).

This is the command line:  snort -i eth1 -D -s -l /var/log/snort

In snort.conf I've tried output: alert_syslog: LOG_AUTH LOG_INFO

I have also tried without that and still nothing.  I'm testing with the rule

alert any any any <> any any (msg: "STUFF: ";)


I'd like to see the alerts go to /var/log/messages.  My syslog.conf looks 
to be ok.  Haven't changed it from the default (rh 7.1).

Please reply to my address as well (I use digests).  Thanks

Mike,

To have snort send syslog messages, the command line must include
"-s 10.1.1.1" as in...
  snort -i eth0 -s 10.1.1.1 -D ... etc

The LOG_AUTH and LOG_INFO parameters have no useful purpose as it appears
the source code to handle changing these two parameters was never
implemented.

Rich

