[Snort-devel] Need assistence interpreting syslog.c code

Rich Adamson radamson at ...442...
Mon May 28 14:05:10 EDT 2001

I've successfully implemented snort v1.7 on both a Linux box and a Win32 box.
Both versions have a problem with generating syslog Facility and Priority levels
as configured within snort.conf by:
  output alert_syslog: LOG_LOCAL2 LOG_WARNING

The issue seems to be in the syslog.c module around the following code. However,
I'm very new to the snort list and need a little help identifying the problem
from within the source.

  /* Check for invalid bits. */
  if (pri & ~(LOG_PRIMASK|LOG_FACMASK)) {
              "syslog: unknown facility/priority: %x", pri);
          pri &= LOG_PRIMASK|LOG_FACMASK;

  /* Check priority against setlogmask values. */
  if (!(LOG_MASK(LOG_PRI(pri)) & LogMask))

  saved_errno = errno;

  /* Set default facility if none specified. */
  if ((pri & LOG_FACMASK) == 0)
          pri |= LogFacility;

  /* Build the message. */

The issue seems to be that the user specified syslog parameters (LOG_LOCAL2 and 
LOG_WARNING in the above example) are not actually implemented in code. The 
variable "pri" holds a default value of 81 (as hard coded in log.c), but no where
can I find where this variable is actually set to what the user has specified
in the snort.conf file.

Can someone help point out how to retreive the values read from snort.conf file
(they have been read and parsed)?


More information about the Snort-devel mailing list