Snort mailing list archives

Re: syslog


From: Andrea Venturoli <ml () netfence it>
Date: Mon, 11 Jun 2012 11:47:32 +0200

On 06/06/12 15:58, Jarrett Carver wrote:
> Andrea,
>
> I don't believe LOG_SECURITY is a valid facility to use in the output
> alert_syslog. If you look in
> ~/snort-2.9.2.3/src/output-plugins/spo_alert_syslog.c you will see that
> only the following facility keywords are available to the syslog output:
>
>      log_auth
>      log_authpriv
>      log_daemon
>      log_local0
>      log_local1
>      log_local2
>      log_local3
>      log_local4
>      log_local5
>      log_local6
>      log_local7
>      log_user
>
> I would recommend changing the facility in your snort.conf

Thanks, I did and now I got what I wanted.

Though I'm wondering why LOG_SECURITY is not there, if it could be added 
and whether I should have seen an error, instead of a silent failure...

  bye & Thanks
        av.
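
An added example, not part of either post and not Snort code: a small pre-flight check that flags `output alert_syslog` lines in a snort.conf whose keywords Snort would not recognise, the silent failure discussed above. The facility set is the list quoted in the reply; the priority and option keywords come from the Snort 2.9 manual, and the case-insensitive matching and token separators are assumptions.

```python
import re

# Facility keywords exactly as listed in the quoted reply.
FACILITIES = {"log_auth", "log_authpriv", "log_daemon", "log_user"} | {
    f"log_local{n}" for n in range(8)}
# Priority and option keywords: from the Snort 2.9 manual, not from this thread.
PRIORITIES = {"log_emerg", "log_alert", "log_crit", "log_err",
              "log_warning", "log_notice", "log_info", "log_debug"}
OPTIONS = {"log_cons", "log_ndelay", "log_perror", "log_pid"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

OUTPUT_RE = re.compile(r"^\s*output\s+alert_syslog\s*(?::\s*(.*))?$", re.I)

def check_alert_syslog(conf_text):
    """Return (line_number, message) findings for alert_syslog output lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        # Assumption: keywords are separated by whitespace, commas or '|'.
        tokens = [t for t in re.split(r"[\s,|]+", m.group(1) or "") if t]
        has_facility = False
        for tok in tokens:
            low = tok.lower()                     # assumption: case-insensitive
            if low.startswith("host="):           # remote-host argument, skip
                continue
            if low not in KNOWN:
                findings.append((lineno, f"unrecognised keyword {tok!r}"))
            elif low in FACILITIES:
                has_facility = True
        if not has_facility:
            findings.append((lineno, "no listed facility keyword on this line"))
    return findings

# Constructed snort.conf fragment for the demonstration.
SAMPLE = """\
# constructed example
output alert_syslog: LOG_SECURITY LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT   # accepted
output unified2: filename snort.log, limit 128
"""

if __name__ == "__main__":
    for lineno, msg in check_alert_syslog(SAMPLE):
        print(f"snort.conf:{lineno}: {msg}")
```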
