Snort mailing list archives

Re: A little Off Topic : syslog configuration


From: Jyri Hovila <jyri.hovila () iki fi>
Date: Tue, 16 Sep 2003 22:47:42 +0300

Hi!

DM> How would one configure syslog.conf to force all
DM> messages coming from say host1 into a particular file ex. /var/log/host1.log

What I did was that I replaced syslog with syslog-ng. First of all, that
enables you to send syslog events to a central server via TCP instead of
UDP. If you wish, you can easily wrap the traffic into an SSL tunnel with
stunnel. And it's a piece of cake to divide Snort logs into separate
directories based on hosts. I started using syslog-ng a couple of months
ago and I'm definitely going to stick with it. =)

Check out http://www.campin.net/syslog-ng/expanded-syslog-ng.conf for an
example. Look for the line "#  Special catch all destination sorting by
host".

- Jyri
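
The setup described in the message above, sketched as a syslog-ng configuration. This is an added example, not part of the original post and not taken from the campin.net file; the server name, port, paths and object names (s_local, d_central, s_net and so on) are assumptions.

```conf
# Recent syslog-ng releases expect an "@version:" header line at the top
# of the file; add the one that matches the installed release.

# ---- Sender side (each Snort sensor), its own syslog-ng.conf ----
# loghost.example.net is a placeholder for the central log server.
source s_local { unix-stream("/dev/log"); internal(); };
destination d_central { tcp("loghost.example.net" port(514)); };
log { source(s_local); destination(d_central); };

# ---- Receiver side (central server), its own syslog-ng.conf ----
options {
    keep_hostname(no);  # take the sender name from the connection's source
                        # address, not from the hostname field in the message
    use_dns(yes);       # resolve that address to a name, so the resolver or
                        # /etc/hosts on this server decides what $HOST is
    create_dirs(yes);   # create the per-host directory on first message
};

source s_net { tcp(ip(0.0.0.0) port(514) max-connections(50)); };

# The question in the thread: everything from host1 into one file.
# host() takes a regular expression, so anchor it; an unanchored
# "host1" would also match host10.
filter f_host1 { host("^host1$"); };
destination d_host1 { file("/var/log/host1.log"); };
log { source(s_net); filter(f_host1); destination(d_host1); };

# Snort alerts only, split into one directory per sending host.
filter f_snort { program("snort"); };
destination d_snort_by_host {
    file("/var/log/hosts/$HOST/snort.log" perm(0640) dir_perm(0750));
};
log { source(s_net); filter(f_snort); destination(d_snort_by_host); };
```

If stunnel terminates the tunnel on the server, every connection reaches syslog-ng from 127.0.0.1, so `keep_hostname(no)` would file all senders under one name; in that layout the hostname has to come from the message itself and is only as trustworthy as the clients allowed through the tunnel.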


