Snort mailing list archives

Re: logging to syslog


From: Chris Green <cmg () uab edu>
Date: Wed, 20 Feb 2002 10:14:46 -0600

Madhav Diwan <mdiwan () wagweb com> writes:

> Is there a way to log alerts to the /var/log/secure file instead of the
> /var/log/messages file?
>
> I am using redhat 7.2 snort 1.8.3-5
> and the following commandline in /etc/init.d/snortd:
>
>       daemon /usr/sbin/snort -l /var/log/snort -d -D \
>                -i $INTERFACE -c /etc/snort/snort.conf
>
> /etc/snort/snort.conf is configured to log to syslog
>
>  output alert_syslog: LOG_AUTH LOG_ALERT


rh 7.2 syslog.conf:
# The authpriv file has restricted access.
authpriv.*                     /var/log/secure

try:
output alert_syslog: LOG_AUTHPRIV LOG_ALERT

according to rh 7.2 syslog(3),

 LOG_AUTH
        security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)

 LOG_AUTHPRIV
              security/authorization messages (private)



obsd 3.0's

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.

LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by
              selected individuals.

so it does seem at least 2 people agree that AUTHPRIV stuff goes to
secure which is where trusted admins can look rather than pimply faced
youths.

> but the messages end up in the messages file
> and I want them to go to the secure file as they did in snort 1.7.
-- 
Chris Green <cmg () uab edu>
To err is human, to moo bovine.
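
Added example, not part of the original message: a small matcher for a subset of syslog.conf selector syntax, showing where alerts sent with the `LOG_AUTH` and `LOG_AUTHPRIV` facilities discussed above end up. Only the `authpriv.*` line is quoted in the thread; the `/var/log/messages` line in the sample config is an assumption, and the function names are hypothetical.

```python
# syslog(3) priority keywords, most severe first.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample. Only the authpriv line is quoted in the thread; the
# /var/log/messages line is an assumed Red Hat style default.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                  /var/log/secure
"""

def accepted(selector, facility):
    """Priorities one selector field accepts for a facility (no '!' support)."""
    mask = set()
    for term in selector.split(";"):
        facs, _, prio = term.partition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue  # term names other facilities
        if prio == "none":
            mask.clear()  # facility.none excludes the facility
        elif prio == "*":
            mask.update(PRIORITIES)
        elif prio.startswith("="):
            mask.add(prio[1:])  # exactly this priority
        else:
            mask.update(PRIORITIES[: PRIORITIES.index(prio) + 1])  # this and above
    return mask

def destinations(conf, facility, priority):
    """Files that receive a message logged with this facility and priority."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if priority in accepted(selector, facility):
            out.append(action)
    return out

# Facility/priority pairs behind the two alert_syslog lines in the thread.
OLD = ("auth", "alert")      # output alert_syslog: LOG_AUTH LOG_ALERT
NEW = ("authpriv", "alert")  # output alert_syslog: LOG_AUTHPRIV LOG_ALERT

if __name__ == "__main__":
    print("LOG_AUTH     ->", destinations(SAMPLE_CONF, *OLD))
    print("LOG_AUTHPRIV ->", destinations(SAMPLE_CONF, *NEW))
```

Running `destinations()` against the real /etc/syslog.conf contents is a quick way to confirm the routing before restarting snort and syslogd.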
