Snort mailing list archives

Re: Hi all


From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 01 Oct 2004 13:10:22 -0400

At 12:57 PM 10/1/2004, Raffael Maio wrote:
> I'm looking to use the output plugin with snort. But when I configure one of them it tells me: Unrecognized syslog facility/priority: host=192.168.1.1:514
>
> I see in the documentation that I could make an output plugin in the snort.conf.
>
> I did that and I put this exact line:
>
> output alert_syslog: host=192.168.1.1:514, log_auth log_alert

That variant is *ONLY* supported on win32. Are you using a windows box? If not, remove the host statement. Also, make sure LOG_AUTH and LOG_ALERT are in caps, not lower case.

If you need to forward your logs to a different system on a unix box, configure your syslog.conf to forward the messages to the appropriate server. How this is done depends on what syslogd you are using. Consult your manpages on syslog.conf.
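
Added example, not part of the original message and not Snort code: a small Python check that scans a snort.conf for the two problems this reply points out in `output alert_syslog` lines (a `host=` argument on a non-win32 build, and lower-case keywords). The keyword sets are the syslog facility, priority and option names from the Snort manual's alert_syslog section; the function name `lint_alert_syslog` and the sample config are constructed for illustration.

```python
import re

# Keyword names from the Snort manual's alert_syslog section.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{i}" for i in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

# Constructed sample: the line from the question, then the corrected form.
SAMPLE = """\
# constructed sample snort.conf fragment
output alert_syslog: host=192.168.1.1:514, log_auth log_alert
output alert_syslog: LOG_AUTH LOG_ALERT
"""


def lint_alert_syslog(conf_text, win32=False):
    """Return (line_number, message) findings for alert_syslog lines."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"output\s+alert_syslog\s*:\s*(.*)$", line)
        if not m:
            continue
        for tok in re.split(r"[,\s|]+", m.group(1).strip()):
            if not tok:
                continue
            if tok.lower().startswith("host="):
                # Per the reply: host= is only supported on win32.
                if not win32:
                    findings.append((n, f"{tok}: host= is win32-only; "
                                        "remove it and forward via syslog.conf"))
            elif tok.upper() in KNOWN and tok != tok.upper():
                # Per the reply: keywords should be in caps.
                findings.append((n, f"{tok}: write as {tok.upper()}"))
            elif tok not in KNOWN:
                findings.append((n, f"{tok}: unrecognized facility/priority"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_alert_syslog(SAMPLE):
        print(f"snort.conf:{lineno}: {msg}")
```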


