Snort mailing list archives

Re: Snort 1.8.3-5 Syslog output on RH 7.2


From: Chris Green <cmg () uab edu>
Date: Wed, 05 Dec 2001 08:08:19 -0600

"D&D Jordan" <info () dndjordan com> writes:

> I have been trying to get snort to output to syslog for collection.
> I have been unsuccessful.
> My understanding was that snort by default logged to syslog,

It logs status messages to syslog but not packet alerts.

> but I have intentionally attacked my own network and still nothing
> to syslog.  I have entries being logged to /var/log/snort/log and
> several date@time entries but nothing is going to syslog.  When I
> uncomment the "alert_syslog" output option, it logs an error to
> /var/log/messages and exits.  Would anyone be willing to share with
> me the solution to this problem?

There is a -A fast -b on the command line for the
/etc/rc.d/init.d/snortd script.

Remove these lines and syslog output can be yours.

If you run the snort command (in snortd) without the -D argument, it
will show you that command line arguments are overriding config file.

Perhaps this warning should be tossed to syslog as well.
-- 
Chris Green <cmg () uab edu>
A good pun is its own reword.
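
A check for the situation described in this thread, as an added example that is not part of the original message or the Red Hat init script: it looks for `-A`/`-b` on the snort command line in init-script text and reports whether an uncommented `alert_syslog` output in the config would be overridden. The sample init line and config text are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (not copied from a real Red Hat package).
SAMPLE_INIT='daemon /usr/sbin/snort -A fast -b -l /var/log/snort -d -D -i eth0 -c /etc/snort/snort.conf'
SAMPLE_CONF='# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT
var HOME_NET any'

# Read init-script text on stdin and print the alert/log flags
# (-A <mode>, -b) found on lines that invoke snort.
override_flags() {
    grep -E '(^|[[:space:]/])snort[[:space:]]' | awk '
        { for (i = 1; i <= NF; i++) {
            if ($i == "-A") { printf "%s-A %s", sep, $(i+1); sep = " "; i++ }
            else if ($i == "-b") { printf "%s-b", sep; sep = " " }
        } }
        END { if (sep != "") print "" }'
}

# Succeed if the config text on stdin has an uncommented alert_syslog output.
syslog_output_enabled() {
    grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog'
}

# $1 = init-script text, $2 = snort.conf text.
# Prints one line saying whether the alert_syslog output can take effect.
check_snort_syslog() {
    # Ignore commented-out lines in the init script before looking for flags.
    flags=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | override_flags)
    if ! printf '%s\n' "$2" | syslog_output_enabled; then
        echo "alert_syslog not enabled in config"
    elif [ -n "$flags" ]; then
        echo "overridden by command line: $flags"
    else
        echo "ok"
    fi
}

check_snort_syslog "$SAMPLE_INIT" "$SAMPLE_CONF"
```

To run it against a real host, pass the file contents instead of the samples, for example `check_snort_syslog "$(cat /etc/rc.d/init.d/snortd)" "$(cat /path/to/snort.conf)"`, where the config path is whatever `-c` points to on that system.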
