Snort mailing list archives

RE: Logging to dual hosts..


From: "Snort" <Snort () InterCept Net>
Date: Mon, 21 Mar 2005 12:50:53 -0500

You will need to specify another facility for EACH action; in other words,
you need another line to log to a different location. You can only
specify multiple actions if they are users...

 

local3.*                                                /var/log/snort/snort.log

local3.*                                                @1.2.3.4

 

Put that into syslog.conf and restart syslog and you should see data in
both places. I do the same thing for my logins on all my Linux servers:
log locally and remotely. I dug up a little man/help page on the
internet for ya as well (ain't I swell? :) )

 

http://www.cmdl.noaa.gov/hats/insitu/cats/stations/qnxman/syslogd.html

 

 

Thanks,

Michael Brown

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Marc
Hering
Posted At: Monday, March 21, 2005 10:45 AM
Posted To: Snort
Conversation: Logging to dual hosts..
Subject: [Snort-users] Logging to dual hosts..
  

Hey guys

I currently have snort set to log to MySQL as well as Syslog.  I am
having a problem getting Syslog to redirect its local3.* to both a
remote syslog host as well as the local logfile.

 

I have the following entry in my syslog.conf

 

local3.*                                                @1.2.3.4

 

If I try

local3.*                                                @1.2.3.4,/var/log/snort/snort.log

it only writes to the @1.2.3.4 address (Please note that all IP
addresses have been changed to protect the innocent :) )

 

According to the man pages and documentation for syslog this should
work.....what am I missing here? 

 

Thanks!

<M>
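A small lint for the situation in this thread, as an added example that is not part of either post: it reads a classic sysklogd-style syslog.conf, lists the actions for one facility, and flags a comma-joined host/file action like the one in the question, following the rule in the reply that only user names may be listed with commas. The function names and the two constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a sysklogd-style syslog.conf for one facility.
# Prints one line per rule: "OK <kind> <action>" or "BAD <action>".

lint_facility() {
    # $1 = facility name (e.g. local3), $2 = path to a syslog.conf
    awk -v fac="$1" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            selector = $1; action = $2
            if (selector !~ ("(^|[;,])" fac "\\.")) next
            if (action ~ /,/ && action ~ "^[@/|-]") {
                # a comma list is only valid for user names, so a host,
                # file or pipe joined with commas is one malformed action
                print "BAD " action
            } else if (action ~ "^@") {
                print "OK remote " action
            } else if (action ~ "^-?/") {
                print "OK file " action
            } else {
                print "OK other " action
            }
        }
    ' "$2"
}

# Succeeds only when the facility has a valid local file rule AND a valid
# remote rule, and no malformed rule.
logs_to_both() {
    out=$(lint_facility "$1" "$2")
    echo "$out" | grep -q '^OK remote ' &&
    echo "$out" | grep -q '^OK file ' &&
    ! echo "$out" | grep -q '^BAD '
}

# Constructed sample files; 1.2.3.4 is the placeholder address from the thread.
tmp=$(mktemp -d)
printf 'local3.*\t@1.2.3.4,/var/log/snort/snort.log\n' > "$tmp/broken.conf"
printf 'local3.*\t/var/log/snort/snort.log\nlocal3.*\t@1.2.3.4\n' > "$tmp/fixed.conf"

lint_facility local3 "$tmp/broken.conf"
lint_facility local3 "$tmp/fixed.conf"
```

Once the configuration passes and syslog has been restarted, `logger -p local3.info test` sends a message on the same facility, which should then appear both in the local file and on the remote host.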

