Snort mailing list archives
Remote Syslog...
From: "Mike Koponick" <mike () redhawk info>
Date: Mon, 6 Oct 2003 15:23:04 -0700
Hello!

I have been trying to configure snort to log to a remote syslog server. I have the remote syslog server set up to accept syslog packets (and it is accepting them from the firewall device), but am having a problem getting snort to start. I consulted 3.20 in the FAQ without any luck.

I'm using 2.0 Snort on Linux 9.0.

Syslog.conf:

auth.alert @console

************************************************************************
Portion of the snort startup file:

/usr/local/bin/snort -o -z -i eth1 -d -D -c \
    /etc/snort/snort.conf -I -A full -s console:514
************************************************************************
From the /var/log/messages file:
Oct 6 15:07:17 ids1 kernel: eth1: Promiscuous mode enabled.
Oct 6 15:07:17 ids1 snort: OpenPcap() device eth1 network lookup: ^Ieth1: no IPv4 address assigned
Oct 6 15:07:17 ids1 snort: FATAL ERROR: OpenPcap() FSM compilation failed: ^IPCAP command: %s
Oct 6 15:07:17 ids1 snortd: snort startup failed
************************************************************************

Thanks in advance,

Mike

Mike Koponick
RedHawk. - Network Engineering
mike () redhawk info