[Snort-devel] Logging problems on Windows using the -E switch
michaels at ...2826...
Thu Jan 31 15:36:39 EST 2013
For some reason my guide said it was 'output alert_syslog: LOG_AUTH LOG_ALERT' which did nothing. Then I was pointed to the -E switch, which only logs to the Application log.
This works :)
> -----Original Message-----
> From: Todd Wease [mailto:twease at ...402...]
> Sent: Thursday, January 31, 2013 1:47 PM
> To: Michael Steele
> Cc: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] Logging problems on Windows using the -E switch
> On Thu, Jan 31, 2013 at 1:30 PM, Michael Steele <michaels at ...2826...>
> > It’s been a while since I used this function. Using the -E switch sends
> > events to the Windows Application Log, but cuts off logging to unified2.
> > I believe the -E switch used to send events to the Application Log and
> > the ‘output database’ at the same time; pre-Barnyard2?
> > Can this be fixed so the -E switch does not block other output logging
> > options?
> > Best regards,
> > Michael...
> Hi Michael,
> You should be able to get rid of the '-E' switch and add the following to your
> output alert_syslog: LOG_AUTH LOG_INFO