Snort mailing list archives

RE: Output Plugin

From: "Jeff Dell" <jdell () activeworx com>
Date: Thu, 17 Jun 2004 09:03:11 -0400

I would set different facility levels for each sensor instance, example:

Sensor1 add :
output alert_syslog: LOG_LOCAL1 LOG_ALERT

Sensor2 add :
output alert_syslog: LOG_LOCAL2 LOG_ALERT

Sensor3 add :
output alert_syslog: LOG_LOCAL3 LOG_ALERT

Sensor4 add :
output alert_syslog: LOG_LOCAL4 LOG_ALERT

Sensor5 add :
output alert_syslog: LOG_LOCAL5 LOG_ALERT

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jürgen
Schinker
Sent: Thursday, June 17, 2004 8:51 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Output Plugin

hello

how can i tag the syslog from snort over the output plugin
I got 5 instances of Snort running on 5 interfaces

this doesn't work

# [Unix flavours should use this format...]
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: Zone=Intern,LOG_AUTH LOG_ALERT

mfg

Jürgen Schinker


-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Output Plugin Jürgen Schinker (Jun 17)
- RE: Output Plugin Jeff Dell (Jun 17)
- Re: Output Plugin Alejandro Flores (Jun 18)