Snort mailing list archives

RE: Snort Syslog Alerts on Win32


From: "Don Weber" <Don () WeberOnTheWeb com>
Date: Sun, 5 Jan 2003 01:33:59 -0800

RE: [Snort-users] Snort Syslog Alerts on Win32
  -----Original Message-----

  And the reason I don't use the alert/log command line parameters (e.g.,
"-A fast") is because it is my understanding and experience that these
override the alert/log output plug-ins specified in snort.conf.


    -----Original Message-----
    on win32 the ONLY way to do syslog, is to do it ON the command line, if
you have alerts or tcpdump in the snort.conf, they will still work, syslog
cannot be done on win32 in the snort.conf, well, unless things have
seriously changed a lot. personally, i do tcpdump, and remote syslogging,
then if i need to look at something specific in the alerts, i just do an
extraction from the tcpdump file, there never was anyone that could get it
to do syslog from within the snort.conf on win32, oh, i am speaking of
versions prior to 1.9, i'm not sure on any version 1.9 or more recent. come
to think of it, i may do the

    i run it as a service as well, in this format

    snort -c c:\snort\snort.conf -s ip.add.re.ss:514 -o

    i do have the following in the snort.conf

    output log_tcpdump: snort.log

    all works well for what i need out of it. you're right as far as command
line overriding other options in the .conf file, yet for this it doesn't, at
least not for my usage, which is only tcpdump.

    Don
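The "extraction from the tcpdump file" step Don describes, as an added example that is not part of the original post and not Snort's own code: a stdlib-only Python reader for the libpcap format that snort's log_tcpdump output plug-in writes, filtering packets by host and port. The embedded SAMPLE_PCAP is constructed test data, and the extract() function and its parameters are assumptions of this example.

```python
import struct
from ipaddress import ip_address

PCAP_MAGIC = 0xA1B2C3D4  # little-endian libpcap magic, as written by tcpdump/snort

def _pkt(src, dst, sport, dport):
    """Build one Ethernet/IPv4/TCP SYN frame wrapped in a pcap record (constructed test data)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dummy MACs, ethertype IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frame = eth + ip + tcp
    return struct.pack("<IIII", 1041760000, 0, len(frame), len(frame)) + frame
# Constructed stand-in for snort.log: three packets, Ethernet link type (DLT 1)
SAMPLE_PCAP = (struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
               + _pkt("10.0.0.5", "192.168.1.10", 40000, 80)
               + _pkt("10.0.0.7", "192.168.1.10", 40001, 22)
               + _pkt("192.168.1.10", "10.0.0.5", 80, 40000))
def extract(pcap_bytes, host=None, port=None):
    """Return (ts_sec, src, sport, dst, dport, proto) for IPv4 packets matching host/port."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # file written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    off, matches = 24, []
    while off + 16 <= len(pcap_bytes):
        ts_sec, _usec, incl, _orig = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                       # not IPv4, skip
        ihl = (frame[14] & 0x0F) * 4                       # IP header length in bytes
        proto = frame[23]
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        sport = dport = None
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP or UDP ports
            sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        if host is not None and host not in (src, dst):
            continue
        if port is not None and port not in (sport, dport):
            continue
        matches.append((ts_sec, src, sport, dst, dport, proto))
    return matches
```

To run it against a real capture, pass `open("snort.log", "rb").read()` to extract() with the host or port from the syslog alert you want to investigate.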


