Snort mailing list archives

Re: Setting up snort to syslog diffrent priority's

From: Erek Adams <erek () snort org>
Date: Tue, 29 Apr 2003 12:55:44 -0400 (EDT)

On Tue, 29 Apr 2003, Jason A. Kates wrote:

What I am looking to do is to have snort do remote logging via syslog.

Currently all of the syslog messages received from my snort
installation are being logged with a syslog level of info.

I would like to map the snort Priorities to syslog levels and I don't
seem to see how to do it.

I would like to be able to setup a mapping such as:
snort priority: 1  to syslog level err
snort priority: 2  to syslog level warning
snort priority: 3  to syslog level notice


If my configurations or startup script would be of any use please let me
know.


You might want to use syslog-ng [0].  You can build regex syslog configs.
That would allow you to send p2 alerts to warning, and so on.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.balabit.com/products/syslog_ng/


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Setting up snort to syslog diffrent priority's Jason A. Kates (Apr 29)
- Re: Setting up snort to syslog diffrent priority's Erek Adams (Apr 29)
- <Possible follow-ups>
- RE: Setting up snort to syslog diffrent priority's L. Christopher Luther (Apr 29)