Snort mailing list archives
RE: Alert OR syslog?
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Fri, 6 Dec 2002 12:56:51 -0500
Snort's command line directives sometimes do "strange" (my opinion only) things, so it is possible that by specifying two alert facilities on the command line, one is taking precedence over the other. Instead, I use output directives in the snort.conf file to specify multiple log and/or alert facilities. Have you tried placing the following in your snort.conf:

    output alert_full: alert.ids
    output alert_syslog: LOG_AUTH LOG_ALERT

and removing the "-A fast" and "-s" command line options? This will alert first to the ASCII file alert.ids, then to the syslog facility.

- Christopher

-----Original Message-----
From: "Weiss, Jeffrey H." <Jeffrey.Weiss () Pleasantco com>
To: snort-users () lists sourceforge net
Date: Thu, 5 Dec 2002 08:51:05 -0700
Subject: Alert OR syslog?

I am wondering why I cannot get both an alert log written AND syslogging to occur.

My command line invocation:

    snort -b -c /usr/local/etc/snort/snort.conf -I -A full -l /logs/UA/snort -s -i qfe0

Pertinent snort.conf(?):

    output alert_syslog: LOG_ALERT

Is there something too obvious here?

Thanks!

Jeffrey Weiss
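An added example, not code from this thread or from the Snort project: a small Python checker that parses the `output` directives in a snort.conf together with the snort command line, lists the alert destinations in the order the plugins are stacked, and flags the mixed command-line/config setup the reply advises against. The syslog facility and priority token sets and the LOG_AUTH/LOG_ALERT defaults are assumptions of this example, and the sample conf and command lines are constructed from the ones quoted in the thread.

```python
import re
import shlex

# Tokens accepted after alert_syslog (facility and priority). LOG_AUTH and
# LOG_ALERT are the ones used in the thread; treating them as the defaults
# is an assumption of this example.
SYSLOG_FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{i}" for i in range(8)}
SYSLOG_PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
                     "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:?\s*(.*?)\s*$")


def parse_output_directives(conf_text):
    """Return [(plugin, [args])] for every `output <plugin>: <args>` line, in
    file order (Snort stacks plugins of the same type in that order).
    Trailing '#' comments and non-output lines are ignored."""
    directives = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = OUTPUT_RE.match(line)
        if m:
            directives.append((m.group(1), m.group(2).split()))
    return directives


def describe_alert_outputs(directives):
    """One human-readable destination per alert_* plugin, in stacking order."""
    dests = []
    for plugin, args in directives:
        if not plugin.startswith("alert_"):
            continue  # log_* plugins carry packet data, not alert records
        if plugin == "alert_syslog":
            facility = next((a for a in args if a in SYSLOG_FACILITIES), "LOG_AUTH")
            priority = next((a for a in args if a in SYSLOG_PRIORITIES), "LOG_ALERT")
            unknown = [a for a in args if a not in SYSLOG_FACILITIES | SYSLOG_PRIORITIES]
            note = f" (unrecognised: {' '.join(unknown)})" if unknown else ""
            dests.append(f"syslog {facility}.{priority}{note}")
        else:
            target = args[0] if args else "<default file>"
            dests.append(f"{plugin} -> {target}")
    return dests


def cli_alert_options(cmdline):
    """Pick out `-A <mode>` and `-s` from a snort command line."""
    argv = shlex.split(cmdline)
    mode, syslog = None, False
    i = 0
    while i < len(argv):
        if argv[i] == "-A" and i + 1 < len(argv):
            mode = argv[i + 1]
            i += 2
            continue
        if argv[i] == "-s":
            syslog = True
        i += 1
    return mode, syslog


def review(conf_text, cmdline):
    """Return (destinations, warnings). The first warning encodes the reply's
    advice: once alert_* output plugins live in snort.conf, drop -A and -s so
    the two mechanisms cannot override each other."""
    directives = parse_output_directives(conf_text)
    dests = describe_alert_outputs(directives)
    mode, syslog = cli_alert_options(cmdline)
    warnings = []
    if dests and (mode or syslog):
        flags = " ".join(f for f, on in ((f"-A {mode}", mode), ("-s", syslog)) if on)
        warnings.append(f"{flags} on the command line alongside {len(dests)} alert_* "
                        "output directive(s); remove the flags and configure every "
                        "destination in snort.conf")
    if dests and not any(p in ("alert_full", "alert_fast") for p, _ in directives):
        warnings.append("no alert_full/alert_fast directive in snort.conf; only the "
                        "syslog destination is configured there")
    return dests, warnings


# Constructed inputs, modelled on the two messages in the thread.
ORIGINAL_CONF = "output alert_syslog: LOG_ALERT\n"
ORIGINAL_CMD = ("snort -b -c /usr/local/etc/snort/snort.conf -I -A full "
                "-l /logs/UA/snort -s -i qfe0")
SUGGESTED_CONF = """# stack both alert plugins, as the reply suggests
output alert_full: alert.ids
output alert_syslog: LOG_AUTH LOG_ALERT
"""
SUGGESTED_CMD = "snort -b -c /usr/local/etc/snort/snort.conf -I -l /logs/UA/snort -i qfe0"

if __name__ == "__main__":
    for label, conf, cmd in (("original", ORIGINAL_CONF, ORIGINAL_CMD),
                             ("suggested", SUGGESTED_CONF, SUGGESTED_CMD)):
        dests, warnings = review(conf, cmd)
        print(f"[{label}] alert destinations: {dests}")
        for w in warnings:
            print(f"[{label}] warning: {w}")
```

Run against the original setup it reports a single syslog destination plus two warnings (the -A/-s flags, and the missing file plugin); against the suggested setup it reports alert.ids followed by syslog and no warnings.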
Current thread:
- Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- Re: Alert OR syslog? Alberto Gonzalez (Dec 05)
- <Possible follow-ups>
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Steve Halligan (Dec 05)
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- Re: Alert OR syslog? Alberto Gonzalez (Dec 05)
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- RE: Alert OR syslog? L. Christopher Luther (Dec 06)
- Re: RE: Alert OR syslog? Erek Adams (Dec 06)