Re: Log snort alerts to a specific file

[Bahya NASSR EDDINE <bahya_nassr () yahoo fr>]

Thank you Dan for your response.

In fact, this is due to the syslog configuration.

In syslog.conf, I added local0.none to the line that
containes /var/log/messages (it is the line that
defines what should be logged to /var/log/messages).

Now, snort logs its alerts only to the specified log
file (/var/log/snort/alertfile.log)!

Thanks again

Bahya

--- Daniel Purcell <dpurcell () nitrosecurity com> a
écrit:
> Bahya,
>
> It seems to be a syslog question.  Read the man page
> for your syslog 
> daemon.  I'm sure that /var/log/messages is set to
> record everything, 
> including local0.  You should be able to edit your
> /etc/syslog.conf file 
> and tell syslog not to record local0 facility logs
> into /var/log/messages.
>
> -Dan
>
> Bahya NASSR EDDINE wrote:
>
> > Hi all,
> >
> > I want to set snort log its alerts to a file (eg:
> > /var/log/snort/alertfile.log). I then set "output
> > alert_syslog: log_local0" in snort.conf and I set
> > "local0.* /var/log/snort/alertfile.log" in
> > syslog.conf.
> > Snort begun then logging its alerts to the
> > /var/log/snort/alertfile.log file but also to the
> > /var/log/messages file!!
> > How may stop disable logging snort alerts to
> > /var/log/messages?
> >
> > Thanks
> >
> >
> >     
> >
> >     
> >             
>
> _____________________________________________________________________________
>
> > Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de
> stockage pour vos mails, photos et vidéos ! 
> > Créez votre Yahoo! Mail sur
> http://fr.mail.yahoo.com
> >
>
> -------------------------------------------------------
> > This SF.Net email is sponsored by Oracle Space
> Sweepstakes
> > Want to be the first software developer in space?
> > Enter now for the Oracle Space Sweepstakes!
>
> http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or
> unsubscribe:
>
> https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
>
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >  
-------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space
> Sweepstakes
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


        

        
                
_____________________________________________________________________________ 
Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com


-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users