[Snort-devel] Syslog issues

Joe McAlerney joey at ...60...
Tue Apr 24 14:21:32 EDT 2001


These have been popping up in the forums.  I'm posting this because I
don't remember this being brought up on this list before.  If I can
summon some extra time, I'll look into it, but maybe someone else knows
the answer off the top of their head.

.....................................................
HI all.

Trying to change syslog facility, but no go. I try changing it in
snort.conf, but it has no effect (at least not the way I configured
it..)I ended up changing the log.c sourcecode to be able to log to
local5 facility. 

Has anyone got any hints/config-tips ? 

-krister
......................................................
I've encountered the same problem. If you specify "-s" in the command
line it logs to syslog but with the
default facility/level (AUTHPRIV/ALERT). Since I wanted to use LOCAL2
instead i turned to the snort.conf
which suposedly can use a custom facility... only to find that it
wouldn't log to syslog no matter what
fac/lvl you choose (it logs to the default dir/files instead). 

-razvan
......................................................

-Joe M.

-- 
|   Joe McAlerney     joey at ...63...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+




More information about the Snort-devel mailing list