[Snort-devel] BUG (sort of) - Snort syslog to multiple facilities

mowgli at ...828... mowgli at ...828...
Thu Sep 20 15:46:02 EDT 2001


  Someone else has probably mentioned this, but I've been playing with
trying to get all snort syslog entries (startup, etc. included) into
one facility, and it appears that in snort.c it uses LOG_DAEMON for
everything, regardless of what's specified in the snort.conf config
file. Not a big bug, but it'd be nice if snort.c defaulted to
LOG_DAEMON *until* it finds the new facility line in the config file,
from which point it really should use that facility to do all further
logging.

  Alternatively, for someone who wanted to be able to just redirect
the alert messages, perhaps just define a separate set of variables
in the config file for logging by the main program, allowing alerts
to be directed to a different facility.level.

  Otherwise, good stuff (1.8.1 I'm finding is more stable than 1.8 ;).

				Thanks, <Mowgli>
-- 
The Ohio State University Network Security Group   |  Mowgli C. Assor
---------------------------------------------------+--------------------------
E-mail : security at ...829...               |  Greater Security Poo-Bah
   Web : http://www.net.ohio-state.edu/security/   |  Office : (614) 292-1835
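
The behaviour proposed in the message above, sketched as an added example (not Snort's code and not part of the original post): log under LOG_DAEMON until a config line names a facility, then reopen syslog so every later message uses it. The function names, the "snort" ident and the sample config line are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Subset of <syslog.h> facility names accepted by this example. */
static const struct { const char *name; int value; } facilities[] = {
    { "LOG_AUTH", LOG_AUTH },     { "LOG_DAEMON", LOG_DAEMON },
    { "LOG_LOCAL4", LOG_LOCAL4 }, { "LOG_LOCAL7", LOG_LOCAL7 },
};
static int current_facility = LOG_DAEMON; /* default until the config names another */

/* Return the facility named by tok, or -1 if tok is not a facility name. */
int facility_from_name(const char *tok)
{
    for (size_t i = 0; i < sizeof facilities / sizeof facilities[0]; i++)
        if (strcmp(tok, facilities[i].name) == 0)
            return facilities[i].value;
    return -1;
}

/* Scan one config line (hypothetical format). If it names a facility, reopen
 * syslog with it so startup-style messages follow too. Returns facility in force. */
int apply_config_line(const char *line)
{
    char buf[256];
    const char *p = line + strspn(line, " \t");
    if (*p == '#') return current_facility;       /* ignore comment lines */
    snprintf(buf, sizeof buf, "%s", p);           /* strtok needs a writable copy */
    for (char *tok = strtok(buf, " \t\r\n:,"); tok; tok = strtok(NULL, " \t\r\n:,")) {
        int f = facility_from_name(tok);
        if (f < 0) continue;                      /* e.g. a priority such as LOG_ALERT */
        if (f != current_facility) {
            closelog();                           /* drop the old facility binding */
            openlog("snort", LOG_PID, f);
            current_facility = f;
        }
        break;                                    /* first facility on the line wins */
    }
    return current_facility;
}

int main(void)
{
    openlog("snort", LOG_PID, current_facility);  /* startup logs go to LOG_DAEMON */
    syslog(LOG_INFO, "startup message, default facility");
    apply_config_line("output alert_syslog: LOG_LOCAL4 LOG_ALERT"); /* constructed line */
    syslog(LOG_INFO, "post-config message, configured facility");
    closelog();
}
```
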



