Snort mailing list archives
Re: snort and syslog
From: John Sage <jsage () finchhaven com>
Date: Mon, 23 Jul 2001 09:34:29 -0700
Douglas:

Do you have an entry for the AUTH facility in /etc/syslog.conf (or its equivalent..) on your system?
The first reference (LOG_AUTH) is to the facility, and the second (LOG_ALERT) is to the priority level (see: man syslog.conf)
FWIW, I decided to say:

    output alert_syslog: LOG_DAEMON LOG_ALERT

to get output via syslog, having an entry in /etc/syslog.conf like this:

    # kern.*      /dev/console
    kern.*        /var/log/kernel
    # daemon.*    /dev/console
    daemon.*      /var/log/daemon
HTH..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."

Douglas F. Elznic wrote:
Hello,

I have a real easy question about snort and syslog. I am obviously missing something... I have the following line in my snort.conf:

    output alert_syslog: LOG_AUTH LOG_ALERT

Snort gets started like this:

    echo -n "Starting snort: "
    daemon /usr/sbin/snort -u snort -g snort -d -D \
        -l /var/log/snort -b -i $INTERFACE -c /etc/snort/snort.conf

and I thought I should send the messages to a remote host with a syslog entry like this:

    snort.* @loghost

But that does not work. If I do *.* I get all the messages sent to the remote host like you would expect. How do I get it to only send snort messages?

Thanks in advance. I know I am missing something real stupid here...

--
+------------------+---------------------------------------------------+
| Douglas Elznic | GPG Key: <dfe () anize org> 0x13300731 |
+------------------+---------------------------------------------------+
| Thinker-@-Large | Pub Key: |
| dfe () anize org | http://web.syr.edu/~dfelznic/dfe.asc |
| dfelznic () syr edu | Fingerprint: |
| dfe () lsb syr edu | EF9C 7E3C 0327 EAAF 1E20 5299 0805 7531 1330 0731 |
| http://anize.org | * This key will be used for all email addresses * |
+----------------------------------------------------------------------+
| All emails should be accompanied by a gpg signature. |
+----------------------------------------------------------------------+

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
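Added example (not part of the original thread, and not Snort or syslogd code): a simplified model of classic syslog.conf selector matching, showing which rules pick up alerts sent with the facility and priority named on the `output alert_syslog` line. The function names and the `auth.alert` rule are assumptions for illustration; only plain `facility[,facility].level` selectors are modelled (no `;` lists, `=` or `!` modifiers).

```python
# Added illustration: simplified model of classic syslog.conf selector matching.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def snort_to_syslog(facility_const, level_const):
    """Map snort.conf names (LOG_AUTH, LOG_ALERT) to syslog.conf names."""
    return facility_const[4:].lower(), level_const[4:].lower()

def selector_matches(selector, facility, level):
    """True if one 'facility[,facility].level' selector accepts the message."""
    fac_part, _, lvl_part = selector.partition(".")
    facs = fac_part.split(",")
    if "*" not in facs:
        # A program name such as "snort" is not a facility, so it selects nothing.
        if any(f not in FACILITIES for f in facs) or facility not in facs:
            return False
    if lvl_part == "*":
        return True
    if lvl_part not in LEVELS:  # covers "none" and typos
        return False
    # A level in a selector means "this severity or more urgent".
    return LEVELS.index(level) <= LEVELS.index(lvl_part)

def routes(conf_text, facility, level):
    """Return the action of every rule in conf_text that accepts the message."""
    hits = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, level):
            hits.append(action)
    return hits

# Constructed sample: rules from the thread plus an assumed auth.alert rule.
SAMPLE_CONF = """\
snort.*     @loghost
auth.alert  @loghost
# daemon.*  /dev/console
daemon.*    /var/log/daemon
"""

if __name__ == "__main__":
    for consts in (("LOG_AUTH", "LOG_ALERT"), ("LOG_DAEMON", "LOG_ALERT")):
        fac, lvl = snort_to_syslog(*consts)
        print(consts, "->", routes(SAMPLE_CONF, fac, lvl))
```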
Current thread:
- snort and syslog Douglas F. Elznic (Jul 22)
- Re: snort and syslog John Sage (Jul 23)
- <Possible follow-ups>
- RE: snort and syslog Shriman Gurung (Jul 23)