Snort mailing list archives

output alert_syslog


From: "Giovanni P. Tirloni" <gpt () tirloni org>
Date: Tue, 14 Jan 2003 17:04:42 -0200

Hi,

 I've configured snort 1.9.0 to use syslog and edited syslog.conf so it logs
 local5.alert to /var/log/snort.alert but it's logging to that file AND
 /var/log/messages. I'd like to log to snort.alert only.
 
 Here is the relevant information:
 
 snort.conf:
 
 [...]
 output alert_syslog: LOG_LOCAL5 LOG_ALERT
 output log_unified: filename snort.log, limit 128
 [...]


 syslog.conf:
 
 *.err;*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
 security.*                                      /var/log/security
 auth.notice;auth.info;authpriv.info             /var/log/auth.log
 mail.info                                       /var/log/maillog
 cron.*                                          /var/log/cron
 *.emerg                                         *
 local5.alert                                    /var/log/snort.alert
 console.info                                    /var/log/console.log
 
 
 # ls -l /var/log/snort.alert
 -rw-r--r--  1 root  wheel  2015 Jan 14 16:45 snort.alert
 
 # ls -l /var/log/snort/
 -rw-r--r--  1 snort  snort  489509 Jan 14 16:54 scan.log
 -rw-r--r--  1 snort  snort    1119 Jan 14 16:45 snort.alert
 -rw-r--r--  1 snort  snort     452 Jan 14 12:56 snort.log.1042555093
 -rw-r--r--  1 snort  snort     514 Jan 14 12:58 snort.log.1042556289
 -rw-r--r--  1 snort  snort      24 Jan 14 16:40 snort.log.1042569610
 
 I'm running snort with this command line:
 
  /usr/local/bin/snort -D -c /usr/local/etc/snort.conf -i fxp0 -p -z -u snort \
  -g snort -m 022

 Thanks in advance (and sorry if it is obvious),
 
--
Giovanni P. Tirloni
gpt () tirloni org
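
Why a local5.alert message lands in both files under the syslog.conf quoted above, as an added example that is not part of the original message: a simplified Python model of BSD syslog.conf selector matching, in which a selector such as `*.err` covers every facility at that level and anything more severe. The function names and the `local5.none` variant are assumptions introduced here; comparison flags and program/host blocks are not modelled.

```python
# Added example: simplified model of BSD syslog.conf selector matching.
# Comparison flags (=, !, <, >) and program/host blocks are not modelled.
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Rules copied from the syslog.conf quoted in the message above.
PAGE_CONF = """
*.err;*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.notice;auth.info;authpriv.info             /var/log/auth.log
mail.info                                       /var/log/maillog
cron.*                                          /var/log/cron
*.emerg                                         *
local5.alert                                    /var/log/snort.alert
console.info                                    /var/log/console.log
"""

# Assumption (not from the message): exclude local5 from the catch-all rule.
FIXED_CONF = PAGE_CONF.replace("news.err ", "news.err;local5.none ")


def rule_matches(selectors, facility, level):
    """Apply selectors left to right; a later entry for a facility wins."""
    table = {}
    for selector in selectors.split(";"):
        facs, _, lvl = selector.rpartition(".")
        for fac in facs.split(","):
            if fac == "*":
                table = {"*": lvl}      # wildcard resets every facility
            else:
                table[fac] = lvl
    lvl = table.get(facility, table.get("*"))
    if lvl is None or lvl == "none":
        return False
    # A selector matches its own level and anything more severe (lower number).
    return lvl == "*" or LEVELS[level] <= LEVELS[lvl]


def destinations(conf, facility, level):
    """Return the actions of every rule that receives the message."""
    hits = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if rule_matches(selectors, facility, level):
            hits.append(action.strip())
    return hits
```

Calling `destinations(PAGE_CONF, "local5", "alert")` lists both `/var/log/messages` and `/var/log/snort.alert`; with `FIXED_CONF` only `/var/log/snort.alert` remains.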

