Snort mailing list archives

Re: Logging to Both Syslog and MySql


From: twig les <twigles () yahoo com>
Date: Thu, 19 Sep 2002 11:21:33 -0700 (PDT)

My syslog info in snort.conf looks like this (we
customized the facilities):

output alert_syslog: LOG_LOCAL2 LOG_ALERT

My /etc/syslog.conf has this line:
local2.alert                  @loghost

My /etc/hosts file has this line:
1.1.1.1                       loghost

Setting the loghost in syslog.conf is the proper way
to set this up on a *nix box; you don't have to bounce
syslog when the loghost changes.  As for how to set up
syslog in Windows, your guess is as good as mine.  I
just wanted to get this answered for the *nix googlers
because this question seems to pop up once every two
months.  Sorry I couldn't be more helpful to you.  Oh
yeah, I *don't* use the "-s" switch to start snort.


--- doswald () nexterna com wrote:
I know this subject has been covered before. I have tried to do
my homework by searching the archives but I still don't seem to
be able to find the answer to this issue.

I am running the 1.8 version of snort on Windows 2000 server and
I am trying to log both to a remote MySQL database and a remote
syslog server with the following config in my snort.conf file

output alert_syslog: LOG_AUTH LOG_ALERT
host=172.16.9.38

output database: log, mysql, user=snort
password=snort dbname=snort
host=172.16.9.38 sensor_name=ids1

I do get information in database but not my syslog server, what
am I missing? Is this possible?

Thanks for any help in advance

Dave





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------
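
The three settings in the reply above (snort.conf facility and priority, the syslog.conf selector, and the loghost entry in /etc/hosts) only deliver an alert when they agree with each other. The script below is an added example, not part of the original message or of Snort: it reads copies of the three files and reports where the alert would be forwarded. The function name `trace_alert` and the sample file contents are constructed for illustration, and only plain `facility.priority` selectors (including `*` and `none`) are handled.

```shell
#!/bin/sh
# Added example: trace a Snort syslog alert from snort.conf to its remote loghost.

# trace_alert SNORT_CONF SYSLOG_CONF HOSTS
# Prints "<facility>.<priority> -> <host> (<ip>)" for each remote destination.
# Returns 1 if no remote selector matches, 2 if snort.conf has no usable line.
trace_alert() {
  fac='' prio=''
  for w in $(awk '$1 == "output" && $2 == "alert_syslog:" {
               for (i = 3; i <= NF; i++) if ($i ~ /^LOG_/) print tolower(substr($i, 5)) }' "$1")
  do
    case "$w" in
      pid|cons|ndelay|perror) ;;                       # syslog options, not routing
      emerg|alert|crit|err|warning|notice|info|debug) prio=$w ;;
      *) fac=$w ;;
    esac
  done
  [ -n "$fac" ] && [ -n "$prio" ] || return 2
  awk -v fac="$fac" -v prio="$prio" -v hosts="$3" '
    BEGIN { n = split("emerg alert crit err warning notice info debug", p, " ")
            for (i = 1; i <= n; i++) sev[p[i]] = i      # lower number = more severe
            while ((getline line < hosts) > 0) {        # name -> ip from the hosts file
              sub(/#.*/, "", line); m = split(line, h, " ")
              for (i = 2; i <= m; i++) ip[h[i]] = h[1] }
            rc = 1 }
    /^[ \t]*(#|$)/ || $NF !~ /^@/ { next }              # only remote (@host) actions
    { hit = 0; ns = split($1, s, ";")
      for (i = 1; i <= ns; i++) {                       # later selectors override earlier
        split(s[i], fp, ".")
        if (index("," fp[1] ",", "," fac ",") == 0 && fp[1] != "*") continue
        if (fp[2] == "none") hit = 0
        else if (fp[2] == "*" || ((fp[2] in sev) && sev[fp[2]] >= sev[prio])) hit = 1 }
      if (hit) { host = substr($NF, 2); rc = 0
        printf "%s.%s -> %s (%s)\n", fac, prio, host, (host in ip) ? ip[host] : "not in hosts file" } }
    END { exit rc }' "$2"
}

# Constructed sample files mirroring the three lines quoted in the message above.
d=$(mktemp -d)
printf 'output alert_syslog: LOG_LOCAL2 LOG_ALERT\n' > "$d/snort.conf"
printf 'local2.alert\t@loghost\n' > "$d/syslog.conf"
printf '1.1.1.1\tloghost\n' > "$d/hosts"
trace_alert "$d/snort.conf" "$d/syslog.conf" "$d/hosts"   # local2.alert -> loghost (1.1.1.1)
rm -rf "$d"
```

A return value of 1 means syslogd has no remote rule for the facility and priority Snort is using, which is the first thing to check when alerts reach the local log but not the loghost.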


