Snort mailing list archives

Re: snort log to remote syslog

From: Robert Millott <robm () millottandassociates com>
Date: Wed, 2 Jul 2014 11:16:42 -0400

I am trying to get snort to send my alerts to a remote syslog server.  I
have configured snort to log to the local /var/log/messages, then using
syslog-ng to forward logs to remote syslog server using:

output alert_syslog: LOG_AUTH LOG_ALERT

but I want to change it so snort send directly to the remote server.  I
edited snort.conf and change the output line to

output alert_syslog: host=xxx.xxx.xxx.xxx:1516, LOG_AUTH LOG_ALERT

but when I start snort I get
WARNING: /etc/snort/snort.conf (531) => Unrecognized syslog
facility/priority: host=xxx.xxx.xxx.xxx:1516,

I have looked over the manual and copied that line directly from it, but I
still get the error.

Am I missing something?


On Wed, Jul 2, 2014 at 10:45 AM, Robert Millott <
robm () millottandassociates com> wrote:

I am trying to get snort to send my alerts to a remote syslog server.  I
have configured snort to log to the local /var/log/messages, then using
syslog-ng to forward logs to remote syslog server using:

output alert_syslog: LOG_AUTH LOG_ALERT

but I want to change it so snort send directly to the remote server.  I
edited snort.conf and change the output line to

output alert_syslog: host=xxx.xxx.xxx.xxx:1516, LOG_AUTH LOG_ALERT

but when I start snort I get
WARNING: /etc/snort/snort.conf (531) => Unrecognized syslog
facility/priority: host=xxx.xxx.xxx.xxx:1516,

I have looked over the manual and copied that line directly from it, but I
still get the error.

Am I missing something?

--
Robert Millott
President, Millott and Associates
(443) 255-3588




-- 
Robert Millott
President, Millott and Associates
(443) 255-3588

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: snort log to remote syslog Robert Millott (Jul 02)
- Re: snort log to remote syslog Y M (Jul 02)
- Message not available
  - Re: snort log to remote syslog Robert Millott (Jul 02)