Re: Logging problems on Windows using the -E switch

[Todd Wease <twease () sourcefire com>]

On Thu, Jan 31, 2013 at 1:30 PM, Michael Steele <michaels () winsnort com> wrote:
> It’s been awhile since I used this function. Using the –E switch sends
> events to the Windows Application Log, but cuts off logging to unified2.
>
>
>
> I believe the –E switch used to send events to the Application Log and the
> ‘output database’ at the same time; Pre Barnyard2?
>
>
>
> Can this be fixed so the –E switch does not block other output logging
> options?
>
>
>
> Best regards,
>
> Michael...

Hi Michael,

You should be able to get rid of the '-E' switch and add the following
to your snort.conf:

  output alert_syslog: LOG_AUTH LOG_INFO

Todd

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!