Interesting snort, chroot, syslog behavior

[James Lay <jlay () slave-tothe-box net>]

So...here's the startup line:

/chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -D -o
-c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort
-t /chroot

Relevant snort.conf syslog entries:

output alert_syslog: LOG_AUTH LOG_ALERT

syslog startup command:

/usr/sbin/syslogd -r -m 0 -a /chroot/snort/dev/log

When testing, running snort with (same as above just without -D):

/chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -o
-c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort
-t /chroot

I get no syslog entries.  If run as above, syslog works fine.  Is there
a reason for that?  Thanks!

James


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users