Snort mailing list archives

Re: Sending syslog alerts from Snort on ArchLinux on RPI b+


From: Y M <snort () outlook com>
Date: Mon, 23 Mar 2015 19:23:15 +0000

How is the syslog configuration line formatted? Trying something like:
output alert_syslog: host=<Syslog.IP.Addr:PORT>, <log_facility> <log_severity>
Also, make sure that the syslog receiver is actually getting the syslog packets. Hope this helps.
Date: Mon, 23 Mar 2015 18:45:25 +0000
From: bg31bf () student sunderland ac uk
To: snort-users () lists sourceforge net
Subject: [Snort-users] Sending syslog alerts from Snort on ArchLinux on RPI b+

Hi,
I'm issuing the command snort -d -h 192.168.1.0/24 -c /etc/snort/snort.conf -s and on the syslog server I have Syslog
Watcher 4.7.4 on Windows 7. Then I set up a rule for the rules.conf file to alert on ICMP packets. When I ping from the
Windows machine to the Raspberry Pi, the ICMP traffic is reported within the console if Snort is run with the -A console
option. But when the -s option is selected, it doesn't send alerts to the syslog server. I did configure the snort.conf
in the syslog section with the IP address and 514 port of the syslog server; still no dice.

Am I missing something? 


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
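
Added example, not part of the thread or of Snort: one way to confirm that the receiver is actually getting the syslog packets, and which facility and severity they carry, is a small UDP listener run on the receiving host in place of the usual syslog server. The function names and the sample datagram in the comment are constructed for illustration; it assumes plain UDP syslog on port 514, as in the post.

```python
import socket

# Facility and severity names in RFC 3164 numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def decode_pri(datagram):
    """Split b'<PRI>message' into (facility, severity, message); None if no valid PRI."""
    text = datagram.decode("utf-8", errors="replace")
    end = text.find(">")
    digits = text[1:end]
    if not text.startswith("<") or not 2 <= end <= 4:
        return None
    if not (digits.isascii() and digits.isdigit()) or int(digits) > 191:
        return None
    pri = int(digits)
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text[end + 1:].strip()


def open_receiver(bind_addr="0.0.0.0", port=514):
    """Bind a UDP socket where the sensor is configured to send its alerts."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock


def receive(sock, count=1, timeout=30.0):
    """Collect up to `count` datagrams as [(sender_ip, decoded_or_None)]."""
    sock.settimeout(timeout)
    results = []
    try:
        while len(results) < count:
            data, (src, _sport) = sock.recvfrom(8192)
            results.append((src, decode_pri(data)))
    except socket.timeout:
        pass  # nothing (more) arrived: check sensor config, routing and firewalls
    return results


if __name__ == "__main__":
    # Binding port 514 needs elevated rights; stop the normal syslog receiver first.
    # A constructed datagram b"<33>snort: test alert" would print as auth/alert.
    with open_receiver() as rx:
        for src, decoded in receive(rx, count=5):
            print(src, decoded)
```

An empty result after triggering an alert means no datagram reached this host on that port, which points at the sender's configuration or the network path rather than at the receiving application.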
