Snort mailing list archives

[snort-users] alert_syslog and remote syslogs: win32 only?


From: GravyFace <gravyface () gmail com>
Date: Fri, 7 Aug 2009 19:30:18 -0400

Hello,

Running snort as follows (eth0 is 192.168.0.10):

snort -c /etc/snort/snort.conf -pDs -A fast -l /var/log/snort -i eth0

snort.conf:
===========
var RULE_PATH /etc/snort/rules/
output alert_syslog: host=192.168.0.3, LOG_AUTH LOG_ALERT
include $RULE_PATH/test.rules

test.rules:
========
#test rule
alert icmp any any -> 192.168.0.10/32 any (msg:"ICMP";sid:501;)

The log file shows 4 pings in fast format OK, so I know the rules are
working, but I'm not seeing anything on my syslog server.

The documentation seems to imply that this host:port parameter is for
win32, but I assumed it was -- as the docs mention -- because win32
doesn't have syslog, and that it would still work under Linux.

Am I wrong? If so, what's the recommended method of doing remote syslogging?
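For readers working through the same setup, here is an added example (not from the original post or from the Snort project) that shows what the "LOG_AUTH LOG_ALERT" setting encodes and how a fast-format alert line such as the ICMP one above can be carried to a remote collector as a BSD-syslog datagram; the sample alert line, the "sensor" hostname and the alert file path are constructed assumptions.

```python
"""Forward Snort '-A fast' alert lines to a remote syslog collector over UDP/514."""
import re
import socket
import time
from typing import Optional

# Facility/severity numbers from <syslog.h>, matching "LOG_AUTH LOG_ALERT" in snort.conf.
LOG_AUTH = 4
LOG_ALERT = 1

# Constructed sample of what the fast-format log line for sid 501 looks like (not captured output).
SAMPLE_ALERT = "08/07-19:25:01.123456  [**] [1:501:0] ICMP [**] [Priority: 0] {ICMP} 192.168.0.3 -> 192.168.0.10"

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def syslog_pri(facility: int, severity: int) -> int:
    """RFC 3164 PRI value: facility * 8 + severity (LOG_AUTH, LOG_ALERT -> 33)."""
    return facility * 8 + severity


def parse_fast_alert(line: str) -> Optional[dict]:
    """Split one fast-format line into its fields; None if the line is not an alert."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None


def to_syslog(line: str, hostname: str = "sensor", timestamp: Optional[str] = None) -> Optional[str]:
    """Wrap an alert in a BSD-syslog message shaped like snort's own alert_syslog output."""
    a = parse_fast_alert(line)
    if a is None:
        return None
    ts = timestamp or time.strftime("%b %e %H:%M:%S")
    body = "[%s:%s:%s] %s {%s} %s -> %s" % (
        a["gid"], a["sid"], a["rev"], a["msg"], a["proto"], a["src"], a["dst"])
    return "<%d>%s %s snort: %s" % (syslog_pri(LOG_AUTH, LOG_ALERT), ts, hostname, body)


def forward(lines, collector=("192.168.0.3", 514)) -> int:
    """Send every parsable alert line to the collector as a UDP datagram; returns the count sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            msg = to_syslog(line)
            if msg is not None:
                sock.sendto(msg.encode("utf-8", "replace"), collector)
                sent += 1
    return sent
```

Run it over the fast-format alert file written under -l /var/log/snort (for example `forward(open("/var/log/snort/alert"))`), and check on the collector that datagrams with PRI `<33>` arrive; a collector that is not listening on UDP/514, or a firewall in between, produces exactly the symptom described above.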
