[Snort-devel] Logging problems on Windows using the -E switch

Todd Wease twease at ...402...
Thu Jan 31 13:47:06 EST 2013


On Thu, Jan 31, 2013 at 1:30 PM, Michael Steele <michaels at ...2826...> wrote:
> It’s been a while since I used this function. Using the -E switch sends
> events to the Windows Application Log, but cuts off logging to unified2.
>
> I believe the -E switch used to send events to the Application Log and the
> ‘output database’ at the same time; Pre Barnyard2?
>
> Can this be fixed so the -E switch does not block other output logging
> options?
>
> Best regards,
>
> Michael...
>

Hi Michael,

You should be able to get rid of the '-E' switch and add the following
to your snort.conf:

  output alert_syslog: LOG_AUTH LOG_INFO

Todd



