RE: Snort logging to MySQL but not to syslog

[Bahya NASSR EDDINE <bahya_nassr () yahoo fr>]

--- "Dahlmann, Stephan" <Stephan.Dahlmann () zapp com> a
écrit :

> Hi all,
> Is there a problem when both ouput plugins (database
> and alert_syslog)
> are activated?

No, there should be no problem when logging snort
alerts to both a database and syslog. I am working on
the same situation and everything is working
correctly.

I actually log snort alerts to a file different from
/var/log/messages (in addition to a database). I then
used a LOG_LOCAL facility:

1.In snort.conf, add the line: “output alert_syslog:
LOG_LOCAL0” 
2.then, in syslog.conf:
modify the line that containes /var/log/messages and
add local0.none, so that snort alerts won't be logged
to /var/log/messages file.
add the line "local0.* /path/to/snort_log_file", snort
alerts will then be logged to the
/path/to/snort_log_file file”.

I hope this would be handy.

Regards



        

        
                
___________________________________________________________________________ 
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger 
Téléchargez cette version sur http://fr.messenger.yahoo.com


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users