Re: snort not sending messages to syslog

[Eric Hines <eric.hines () appliedwatch com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim,

Try running tcpdump or snort in sniffer mode with BPF filters (snort
- -vXedi eth0 'src or dst port 514' to see if Snort is even sending them
out.

Are you using Syslog on the other end or Syslog-NG? Make sure Syslog is
configured properly of course.



Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC


- ---------------------------------------------

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 213
Crystal Lake, IL 60014
Toll Free: (877) 262-7593 ext:327
Direct: (847) 854-2725 ext:327
Fax: (847) 854-5106
Web: http://www.appliedwatch.com
Email: eric.hines () appliedwatch com

- --------------------------------------------

"Enterprise Open Source Security Management"


Jim B wrote:
> I have configured snort to send messages to syslog but they are not being
> sent to syslog, how can determine why the messages or alerts are not being
> sent to syslog?
>
>
> Jim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD/y8/bOqF2QHgUK0RAvRlAKC+e3E2NGdr0W3CqxAK9mwj08sBYQCfZfBV
tNjkn9shUL4p62R4HCiq63Y=
=0CSE
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users