[Snort-devel] syslog logging in 1.7beta5

Martin Roesch roesch at ...48...
Thu Nov 23 01:48:40 EST 2000


The syslog module is explicitly (implicitly?) for alerts only.  You wouldn't
want to log packets to syslog, it's too much traffic/data.  The database
module can be used either way effectively, so you can tell it which output
facility (log or alert) in Snort you want to report to explicitly.

    -Marty

Karl Lovink wrote:
> 
> Marty,
> 
> Isn't it somewhat inconsistent? For the database logging you have to specify
> whether you want the log or alert entries and for syslog you get probably
> everything.
> 
> Karl
> 
> -----Original Message-----
> From: snort-devel-admin at lists.sourceforge.net
> [mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of Martin Roesch
> Sent: Thursday, 23 November 2000 6:38
> To: Karl Lovink
> CC: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] syslog logging in 1.7beta5
> 
> Karl Lovink wrote:
> >
> > I found out the hard way that the configuration of the output plugins has
> > been changed from 1.6 to 1.7. The database I got running again but I still
> > have problems with the syntax of the syslog output plugin.
> >
> > I tried:
> >
> > output syslog: log, LOG_AUTH LOG_ALERT
> >
> > But no success. What's wrong?
> 
> Umm, you don't need the "log," in there.  Try it like this:
> 
> output syslog: LOG_AUTH LOG_ALERT
> 
>     -Marty
> 
> --
> Martin Roesch
> roesch at ...48...
> http://www.snort.org

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org


