Snort mailing list archives
Re: Log snort alerts to a specific file
From: Daniel Purcell <dpurcell () nitrosecurity com>
Date: Mon, 16 May 2005 09:22:18 -0600
Bahya,It seems to be a syslog question. Read the man page for your syslog daemon. I'm sure that /var/log/messages is set to record everything, including local0. You should be able to edit your /etc/syslog.conf file and tell syslog not to record local0 facility logs into /var/log/messages.
-Dan Bahya NASSR EDDINE wrote:
Hi all, I want to set snort log its alerts to a file (eg: /var/log/snort/alertfile.log). I then set "output alert_syslog: log_local0" in snort.conf and I set "local0.* /var/log/snort/alertfile.log" in syslog.conf. Snort begun then logging its alerts to the /var/log/snort/alertfile.log file but also to the /var/log/messages file!! How may stop disable logging snort alerts to /var/log/messages? Thanks_____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Log snort alerts to a specific file Bahya NASSR EDDINE (May 16)
- Re: Log snort alerts to a specific file Daniel Purcell (May 16)
- <Possible follow-ups>
- Re: Log snort alerts to a specific file Bahya NASSR EDDINE (May 16)