Snort mailing list archives
Re: logging to syslog
From: "Madhav Diwan" <mdiwan () wagweb com>
Date: 20 Feb 2002 13:33:18 -0500
Thank you .. That works quite well.

Madhav

On Wed, 2002-02-20 at 11:14, Chris Green wrote:
> Madhav Diwan <mdiwan () wagweb com> writes:
>
> > Is there a way to log alerts to the /var/log/secure file instead of
> > the /var/log/messages file?
> >
> > I am using redhat 7.2 snort 1.8.3-5 and the following commandline in
> > /etc/init.d/snortd:
> >
> >     daemon /usr/sbin/snort -l /var/log/snort -d -D \
> >         -i $INTERFACE -c /etc/snort/snort.conf
> >
> > /etc/snort/snort.conf is configured to log to syslog
> >
> >     output alert_syslog: LOG_AUTH LOG_ALERT
>
> rh 7.2 syslog.conf:
>
>     # The authpriv file has restricted access.
>     authpriv.*    /var/log/secure
>
> try:
>
>     output alert_syslog: LOG_AUTHPRIV LOG_ALERT
>
> according to rh 7.2 syslog(3),
>
>     LOG_AUTH      security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)
>     LOG_AUTHPRIV  security/authorization messages (private)
>
> obsd 3.0's
>
>     LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
>     LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by selected individuals.
>
> so it does seem at least 2 people agree that AUTHPRIV stuff goes to
> secure which is where trusted admins can look rather than pimply faced
> youths.
>
> > but the messages end up in the messages file and I want them to go to
> > the secure file as they did in snort 1.7.
>
> --
> Chris Green <cmg () uab edu>
> To err is human, to moo bovine.
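The routing discussed in this thread, as an added example that is not part of the original messages and is not Snort or sysklogd code: a simplified model of syslog.conf selector matching, showing why `LOG_AUTH` alerts land in /var/log/messages while `LOG_AUTHPRIV` alerts land in /var/log/secure. Assumptions: the `authpriv.*` rule is the one quoted above, the /var/log/messages rule is a constructed catch-all, and all function names are hypothetical.

```python
# Simplified model of sysklogd-style selector matching (added example).
# Handles "*", "none", "prio" (that level or more severe) and "=prio";
# the "!" negation form is not handled.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Constructed sample config. The authpriv rule is the one quoted in the thread;
# the /var/log/messages rule is an assumed catch-all that excludes authpriv.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none    /var/log/messages
# The authpriv file has restricted access.
authpriv.*                        /var/log/secure
"""

def parse_rule(line):
    """Return (facility -> set of accepted priorities, destination) for one rule."""
    selectors, dest = line.split(None, 1)
    accepted = {f: set() for f in FACILITIES}
    for selector in selectors.split(";"):
        facs, prio = selector.rsplit(".", 1)
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if prio == "none":
                accepted[fac] = set()              # cancels earlier matches for this facility
            elif prio == "*":
                accepted[fac] = set(PRIORITIES)
            elif prio.startswith("="):
                accepted[fac].add(prio[1:])        # exactly this priority
            else:
                cut = PRIORITIES.index(prio)       # this priority and anything more severe
                accepted[fac].update(PRIORITIES[:cut + 1])
    return accepted, dest.strip()

def destinations(conf, facility, priority):
    """Destinations that would receive a facility.priority message."""
    rules = [parse_rule(l) for l in conf.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    return [dest for accepted, dest in rules if priority in accepted[facility]]

def route_snort_option(conf, facility_opt, priority_opt):
    """Map alert_syslog option names (LOG_AUTH, LOG_ALERT, ...) to selector names."""
    return destinations(conf, facility_opt[4:].lower(), priority_opt[4:].lower())

if __name__ == "__main__":
    for fac in ("LOG_AUTH", "LOG_AUTHPRIV"):
        print(fac, route_snort_option(SAMPLE_CONF, fac, "LOG_ALERT"))
```

To check a real host, pass the contents of its own syslog.conf instead of `SAMPLE_CONF`; rules using `!` need a fuller parser.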
Current thread:
- logging to syslog Madhav Diwan (Feb 20)
- Re: logging to syslog Chris Green (Feb 20)
- Re: logging to syslog Madhav Diwan (Feb 20)
- <Possible follow-ups>
- RE: logging to syslog Chris Arnold (Feb 20)
- Re: logging to syslog Chris Green (Feb 20)