Snort mailing list archives
Re: syslog
From: Andrea Venturoli <ml () netfence it>
Date: Mon, 11 Jun 2012 11:47:32 +0200
On 06/06/12 15:58, Jarrett Carver wrote:
Andrea, I don't believe LOG_SECURITY is a valid facility to use in the output alert_syslog. If you look in ~/snort-2.9.2.3/src/output-plugins/spo_alert_syslog.c you will see that only the following facility keywords are available to the syslog output: log_auth log_authpriv log_daemon log_local0 log_local1 log_local2 log_local3 log_local4 log_local5 log_local6 log_local7 log_user I would recommend changing the facility in your snort.conf
Thanks, I did and now I got what I wanted. Though I'm wondering why LOG_SECURITY is not there, if it could be added and whether I should have seen an error, instead of a silent failure... bye & Thanks av. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- syslog Andrea Venturoli (Jun 06)
- Message not available
- Re: syslog Andrea Venturoli (Jun 11)
- Message not available