Snort mailing list archives
Re: snort log to remote syslog
From: Robert Millott <robm () millottandassociates com>
Date: Wed, 2 Jul 2014 11:16:42 -0400
I am trying to get snort to send my alerts to a remote syslog server. I have configured snort to log to the local /var/log/messages, then using syslog-ng to forward logs to remote syslog server using:

    output alert_syslog: LOG_AUTH LOG_ALERT

but I want to change it so snort sends directly to the remote server. I edited snort.conf and changed the output line to

    output alert_syslog: host=xxx.xxx.xxx.xxx:1516, LOG_AUTH LOG_ALERT

but when I start snort I get

    WARNING: /etc/snort/snort.conf (531) => Unrecognized syslog facility/priority: host=xxx.xxx.xxx.xxx:1516,

I have looked over the manual and copied that line directly from it, but I still get the error. Am I missing something?

On Wed, Jul 2, 2014 at 10:45 AM, Robert Millott <robm () millottandassociates com> wrote:
> I am trying to get snort to send my alerts to a remote syslog server. I have configured snort to log to the local /var/log/messages, then using syslog-ng to forward logs to remote syslog server using:
>
>     output alert_syslog: LOG_AUTH LOG_ALERT
>
> but I want to change it so snort sends directly to the remote server. I edited snort.conf and changed the output line to
>
>     output alert_syslog: host=xxx.xxx.xxx.xxx:1516, LOG_AUTH LOG_ALERT
>
> but when I start snort I get
>
>     WARNING: /etc/snort/snort.conf (531) => Unrecognized syslog facility/priority: host=xxx.xxx.xxx.xxx:1516,
>
> I have looked over the manual and copied that line directly from it, but I still get the error. Am I missing something?
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588
--
Robert Millott
President, Millott and Associates
(443) 255-3588