Snort mailing list archives

Re: A little Off Topic : syslog configuration


From: Erek Adams <erek () snort org>
Date: Wed, 17 Sep 2003 08:51:07 -0400 (EDT)

On Tue, 16 Sep 2003, Dave Morrow wrote:

Hi all. My question is a little off topic, but hopefully someone will be
kind enough to lend a hand.

I am in the process of actually performing some intrusion detection, using
Snort, ACID, etc. and am having some degree of difficulties with Syslog.
What I would like to do is have syslog messages which originate from a
specific host, put in a specific logfile for insertion into the snort
database by logsnorter.  How would one configure syslog.conf to force all
messages coming from say host1 into a particular file, e.g. /var/log/host1.log?

Two things:

  * I don't think that 'standard' syslog (vixie style) can do that.
You'll have to move to syslog-ng or something like it.  Perhaps Metalog
(Gentoo Linux distro).
  * Dude, trim the default sig your company has!  :)  You've got 4 penalty
drinks [0] just from that!  You'll get obliterated by the time you read
your email for the day!  ;-)

Cheers!  *clink*  ;-)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
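For readers following the suggestion to move to syslog-ng, this is an added illustration (not from the original thread) of the per-host split the question asks for: messages arriving over the network whose hostname field is host1 go to /var/log/host1.log, everything else falls through to the normal messages file. It assumes classic syslog-ng 1.x/2.x syntax and that the sender identifies itself as host1 (or that use_dns resolves its address to that name); both are assumptions, not from the thread.

```syslog-ng
# Added example (not from the original thread): syslog-ng config routing
# messages from one host into its own file for logsnorter to pick up.
options {
    use_dns(yes);        # resolve sender IP to a hostname so host() can match
    keep_hostname(yes);  # trust the hostname already in the message header
    create_dirs(yes);
};

# Local messages from this box plus UDP/514 from remote senders.
source s_local { internal(); unix-stream("/dev/log"); };
source s_net   { udp(ip(0.0.0.0) port(514)); };

# host() is a regex on the hostname field, so anchor it to avoid
# matching "host10", "host11", etc.
filter f_host1     { host("^host1$"); };
filter f_not_host1 { not host("^host1$"); };

# Per-host file for logsnorter; owner/perm keep it readable only by root
# (the ids and 0600 mode are assumptions, adjust to your logsnorter user).
destination d_host1 {
    file("/var/log/host1.log" owner("root") group("root") perm(0600));
};
destination d_messages { file("/var/log/messages"); };

# Only host1's traffic lands in host1.log ...
log { source(s_net); filter(f_host1); destination(d_host1); };
# ... and everything else (local and other remote hosts) goes to messages.
log { source(s_local); destination(d_messages); };
log { source(s_net); filter(f_not_host1); destination(d_messages); };
```

Newer syslog-ng 3.x accepts this but prefers network() over udp(); either way, check with `syslog-ng -s` that the config parses before restarting the daemon.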

