snort and syslog

["Douglas F. Elznic" <dfe () anize org>]

Hello,
I have a real easy question about snort and syslog. i am obviously
missing someting...

 I have the follwoning line in my snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT

Snort gets started like this:
echo -n "Starting snort: "
        daemon /usr/sbin/snort -u snort -g snort  -d -D \
        -l /var/log/snort -b -i $INTERFACE  -c /etc/snort/snort.conf

and I thought I should send the messages to a remote host with a syslog
entry like this:

snort.*                @loghost

But that does not work. if I do *.* i get all the messages sent to the
remote host like you would expect. How do I get it to only send snort
messages?

Thanks in advance. I know I am missing simething real stupid here...


--
+------------------+---------------------------------------------------+
|  Douglas Elznic  |        GPG Key: <dfe () anize org> 0x13300731        |
+------------------+---------------------------------------------------+
|  Thinker-@-Large | Pub Key:                                          |
|   dfe () anize org  | http://web.syr.edu/~dfelznic/dfe.asc              |
| dfelznic () syr edu | Fingerprint:                                      |
|  dfe () lsb syr edu | EF9C 7E3C 0327 EAAF 1E20 5299 0805 7531 1330 0731 |
| http://anize.org | * This key will be used for all email addresses * |
+----------------------------------------------------------------------+
|         All emails should be accompanied by a gpg signature.         |
+----------------------------------------------------------------------+

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users