Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: logging to syslog

From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 19 Sep 2012 13:04:44 -0400
Remove the '-K ascii' from the run line.

 

Before going through all the trouble of changing the actual Snort startup,
net stop snort, cd to the snort/bin folder and run:

 

snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -s

 

I'm assuming the snort.conf is set properly for syslog output.

 

Kindest regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com> http://www.winsnort.com
*

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org>
http://www.snort.org *

*********************************************************

 

From: Benjamin Lincoln [mailto:BLincoln () bannerbank com] 
Sent: Wednesday, September 19, 2012 11:52 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] logging to syslog

 

I've been having problems with the newest version of snort 2.9.3.1 not
sending syslog information to our server.

I've configured snort to install using the command snort -c
c:\snort\etc\snort.conf -l c:\snort\log -i1 -K ascii -s and set the syslog
server's IP address in the snort.conf file. I've create a test rule to alert
on any IP traffic, and can see the logs generate in the log folder, but it
doesn't send to the remote syslog server. I've also tested sending the
syslogs to kiwi on the local snort server and that works fine. This was
working with an older version of snort. Is there any changes in the new
version of snort that needs to be configured to send to syslog?

 

Benjamin Lincoln
IT Security Analyst Support

Banner Bank

Internal Ext. 53274

(509)524-5931

 

 


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: