[Snort-devel] Logging problems on Windows using the -E switch

Michael Steele michaels at ...2826...
Thu Jan 31 15:36:39 EST 2013


For some reason my guide said it was 'output alert_syslog: LOG_AUTH LOG_ALERT' which did nothing. Then I was pointed to the -E switch, which only logs to the Application log.

This works :)

Best regards,
Michael...

> -----Original Message-----
> From: Todd Wease [mailto:twease at ...402...]
> Sent: Thursday, January 31, 2013 1:47 PM
> To: Michael Steele
> Cc: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] Logging problems on Windows using the -E switch
> 
> On Thu, Jan 31, 2013 at 1:30 PM, Michael Steele <michaels at ...2826...>
> wrote:
> > It’s been a while since I used this function. Using the -E switch sends
> > events to the Windows Application Log, but cuts off logging to unified2.
> >
> > I believe the -E switch used to send events to the Application Log and
> > the ‘output database’ at the same time; Pre Barnyard2?
> >
> > Can this be fixed so the -E switch does not block other output logging
> > options?
> >
> >
> >
> > Best regards,
> >
> > Michael...
> >
> 
> Hi Michael,
> 
> You should be able to get rid of the '-E' switch and add the following to your
> snort.conf:
> 
>   output alert_syslog: LOG_AUTH LOG_INFO
> 
> Todd





