Snort mailing list archives

Remote Syslog...


From: "Mike Koponick" <mike () redhawk info>
Date: Mon, 6 Oct 2003 15:23:04 -0700

Hello!

I have been trying to configure snort to log to a remote syslog server.

I have the remote syslog server set up to accept syslog packets (and it is
accepting them from the firewall device), but am having a problem
getting snort to start.

I consulted 3.20 in the FAQ without any luck.

I'm using 2.0 Snort on Linux 9.0.

Syslog.conf:

auth.alert                                              @console

************************************************************************

Portion of the snort startup file:

       /usr/local/bin/snort -o -z -i eth1 -d -D -c \
/etc/snort/snort.conf -I -A full -s console:514

************************************************************************
From the /var/log/messages file:

Oct  6 15:07:17 ids1 kernel: eth1: Promiscuous mode enabled.
Oct  6 15:07:17 ids1 snort: OpenPcap() device eth1 network lookup: ^Ieth1: no IPv4 address assigned
Oct  6 15:07:17 ids1 snort: FATAL ERROR: OpenPcap() FSM compilation failed:  ^IPCAP command: %s
Oct  6 15:07:17 ids1 snortd: snort startup failed

************************************************************************

Thanks in advance,

Mike

 Mike Koponick
 RedHawk. - Network Engineering
 mike () redhawk info



