[Snort-devel] Win32 v1.7 Syslog "facility" error

Rich Adamson radamson at ...442...
Thu May 24 16:38:25 EDT 2001


Win32 developers...

Could someone take a look at the Syslog "facility" code encoding?

Problem:
When using Syslog logging from Win32 v1.7 and the snort.conf file
configured for "output alert_syslog: LOG_AUTH LOG_ALERT", the syslog
messages sent have the Facility and Priority encoded as <81> (observed
with an NAI Sniffer on the wire).

The <81> translates to 0x51, which is 
	Facility Type = 10 (Undefined)
	Priority Type = 1  (Alert)

Also, changing the LOG_AUTH to LOG_LOCAL2 has no impact on the encoding
of Syslog messages. They continue to be generated as <81>.

Rich
radamson at ...442...
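
The check described in the message above, as an added example that is not part of the original post or of Snort's code: it derives the PRI value a given `output alert_syslog:` line should produce (facility * 8 + severity, with the codes from BSD `<syslog.h>` / RFC 3164) and compares it with the `<PRI>` header of a captured datagram. The function names and the sample payload are constructed for illustration, and the sketch assumes the config line names exactly one facility and one priority.

```python
import re

# Facility and severity codes as defined in BSD <syslog.h> / RFC 3164.
FACILITIES = {
    "LOG_KERN": 0, "LOG_USER": 1, "LOG_MAIL": 2, "LOG_DAEMON": 3,
    "LOG_AUTH": 4, "LOG_SYSLOG": 5, "LOG_LPR": 6, "LOG_NEWS": 7,
    "LOG_UUCP": 8, "LOG_CRON": 9, "LOG_AUTHPRIV": 10, "LOG_FTP": 11,
    **{f"LOG_LOCAL{i}": 16 + i for i in range(8)},
}
SEVERITIES = {
    "LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
    "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7,
}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def expected_pri(conf_line):
    """PRI value implied by an 'output alert_syslog:' line in snort.conf."""
    _, _, args = conf_line.partition("alert_syslog:")
    tokens = args.split()
    fac = [FACILITIES[t] for t in tokens if t in FACILITIES]
    sev = [SEVERITIES[t] for t in tokens if t in SEVERITIES]
    if len(fac) != 1 or len(sev) != 1:
        raise ValueError("need exactly one facility and one priority")
    return fac[0] * 8 + sev[0]


def decode_pri(datagram):
    """Return (pri, facility, severity) from a raw syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("missing or out-of-range <PRI> header")
    pri = int(m.group(1))
    return pri, pri >> 3, pri & 7


def check(conf_line, datagram):
    """Compare the PRI on the wire with what the config should produce."""
    want = expected_pri(conf_line)
    got, fac, sev = decode_pri(datagram)
    return {"expected": want, "observed": got, "facility": fac,
            "severity": sev, "match": want == got}


if __name__ == "__main__":
    pkt = b"<81>snort: constructed sample alert text"  # constructed payload
    for conf in ("output alert_syslog: LOG_AUTH LOG_ALERT",
                 "output alert_syslog: LOG_LOCAL2 LOG_ALERT"):
        print(conf, "->", check(conf, pkt))
```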