Snort mailing list archives
Re: Changing name of alerts log
From: frederick sonnichsen <fsonnichsen () whoi edu>
Date: Mon, 10 Mar 2008 12:02:50 -0400
Thanks Joel. Below is a snippet of what I would think is the pertinent area of the old snort file. This was snort 2.3.3(14) running on debian. Fritz =============== OLD SNORT.CONF SNIPPET ====================== # [Win32 can use any of these formats...] output alert_syslog: LOG_LOCAL0 LOG_ALERT # output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT # output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT # log_tcpdump: log packets in binary tcpdump format # ------------------------------------------------- # The only argument is the output file name. # output log_tcpdump: tcpdump.log Joel Esler wrote:
Do you have a snort.conf file from your predecessor? Joel On Mar 10, 2008, at 10:40 AM, frederick sonnichsen wrote:I have snort 2.8.0.2 (75) running on Fedora Core 6. It presently writes files "alerts" and "snort.log.xxxxxxx". I want to change the names of these files to fit software/scripts written by my predecessor. Can someone tell me how to change the: alerts log to "snortlog.log" and the dump logs to "tcpdump.log" I tried: in snort.conf output alert_syslog: LOG_LOCAL0 in syslog.conf local0.* /var/log/snort/snortlog.log But this has no affect. Perhaps this is not the way to accomplish this. Thanks Fritz ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Joel Esler joel.esler () sourcefire com
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Difference of Alerts, Snort Logs, and Tcpdumps frederick sonnichsen (Mar 04)
- Re: Difference of Alerts, Snort Logs, and Tcpdumps Seth (Mar 04)
- Re: Difference of Alerts, Snort Logs, and Tcpdumps frederick sonnichsen (Mar 04)
- Changing name of alerts log frederick sonnichsen (Mar 10)
- Re: Changing name of alerts log Joel Esler (Mar 10)
- Re: Changing name of alerts log frederick sonnichsen (Mar 10)
- Re: Difference of Alerts, Snort Logs, and Tcpdumps Seth (Mar 04)