Snort mailing list archives

RE: How to Get Snort 1.8.1b4 to write to /var/log/secure


From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 2 Aug 2001 09:27:40 -0700 (PDT)


On Thu, 2 Aug 2001, Erik Norman wrote:

> I'm experiencing the same thing. I believe the docs say that on Linux
> systems, such as mine, it should be /var/log/secure.
>
> Can I configure it via the alert_syslog plugin?

Yeppers.  Have a look at README and snort.conf

[README]
    -s      Log alert messages to the syslog.  On linux boxen, they
            will appear in /var/log/secure, /var/log/messages on
            many other platforms.  You can change the logging facility
            by using the syslog output plugin, at which point the -s
            switch should not be used (command line alert/log switches
            override any config file output variables).

[snort.conf]
# alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments
#
# output alert_syslog: LOG_AUTH LOG_ALERT


Be sure to keep in mind that your /etc/syslog.conf is what "really" tells the
alerts where to go.   If you point LOCAL7 at say /var/log/snort/snortlog then
all your alerts will be in that one file.

> Anyone?

Bueller?  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
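
Added example, not part of the original post or of Snort: a simplified Python model of classic syslog.conf selector matching, showing which file an `output alert_syslog:` line ends up in once syslog.conf is applied. The sample syslog.conf, the function names, and the "last selector naming the facility wins" rule are assumptions made for illustration; real syslogd implementations differ in detail.

```python
# Added example: simplified model of classic syslog.conf selector matching.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
OPTIONS = {"cons", "ndelay", "perror", "pid"}  # openlog() options, not facilities

# Constructed sample /etc/syslog.conf (assumption, not from the original post).
SAMPLE_CONF = """\
*.info;local7.none;auth,authpriv.none   /var/log/messages
auth,authpriv.*                         /var/log/secure
local7.*                                /var/log/snort/snortlog
"""

def selector_matches(selector, facility, priority):
    """True/False if the selector names this facility, None if it does not."""
    facs, _, prio = selector.partition(".")
    if facs != "*" and facility not in facs.split(","):
        return None
    if prio == "none":
        return False
    if prio == "*":
        return True
    if prio.startswith("="):              # exact priority only
        return priority == prio[1:]
    # Plain priority means "this severity or more severe".
    return PRIORITIES.index(priority) <= PRIORITIES.index(prio)

def destinations(conf_text, facility, priority):
    """List every file a message with this facility/priority is written to."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        matched = False
        for sel in selectors.split(";"):  # simplification: last selector naming the facility wins
            result = selector_matches(sel, facility, priority)
            if result is not None:
                matched = result
        if matched:
            out.append(action.lstrip("-"))
    return out

def route_alert_syslog(output_line, conf_text=SAMPLE_CONF):
    """Resolve a snort.conf 'output alert_syslog: ...' line to log files."""
    names = [a[len("LOG_"):].lower() for a in output_line.split(":", 1)[1].split()]
    priority = next(n for n in names if n in PRIORITIES)
    facility = next(n for n in names if n not in PRIORITIES and n not in OPTIONS)
    return destinations(conf_text, facility, priority)
```

With the constructed config above, `LOG_AUTH LOG_ALERT` resolves to /var/log/secure and `LOG_LOCAL7 LOG_ALERT` resolves only to /var/log/snort/snortlog, because `local7.none` keeps those alerts out of /var/log/messages.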

